Cyber Posture

CVE-2025-25113

High

Published: 03 March 2025

Published
03 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0023 45.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25113 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to JavaScript (T1059.007) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match
prevent

Directly addresses improper neutralization of input during web page generation by filtering and encoding outputs to prevent reflected XSS script execution.

SI-10 Information Input Validation good match
prevent

Validates untrusted inputs to the WordPress plugin, rejecting or sanitizing malicious payloads before they are reflected in generated web pages.

SI-2 Flaw Remediation good match
prevent

Remediates the specific flaw in the Implied Cookie Consent plugin versions <=1.3 by identifying, prioritizing, and applying patches for this XSS vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
attack.mitre.org →
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
attack.mitre.org →
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
attack.mitre.org →
Why these techniques?

Reflected XSS enables arbitrary JavaScript execution in the browser (T1059.007) triggered by user interaction with a crafted malicious link (T1204.001), directly facilitating browser session hijacking (T1185).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Senktec Implied Cookie Consent implied-cookie-consent allows Reflected XSS.This issue affects Implied Cookie Consent: from n/a through <= 1.3.

Deeper analysisAI

CVE-2025-25113 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Senktec Implied Cookie Consent WordPress plugin (implied-cookie-consent). This issue affects all versions from n/a through 1.3 inclusive. Published on 2025-03-03, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

A network-based attacker requires no privileges and can exploit the vulnerability with low attack complexity by inducing a user to interact with malicious input, such as a crafted link or payload reflected in web page generation. Exploitation enables arbitrary script execution in the victim's browser context due to the changed scope, resulting in low impacts to confidentiality, integrity, and availability.

The Patchstack advisory provides further details on this vulnerability, including potential mitigation steps, at https://patchstack.com/database/Wordpress/Plugin/implied-cookie-consent/vulnerability/wordpress-external-video-for-everybody-plugin-2-1-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2025-23632Shared CWE-79
CVE-2026-32528Shared CWE-79
CVE-2025-23630Shared CWE-79
CVE-2025-26991Shared CWE-79
CVE-2025-26565Shared CWE-79
CVE-2025-23491Shared CWE-79
CVE-2025-23590Shared CWE-79
CVE-2026-24838Shared CWE-79
CVE-2025-1401Shared CWE-79
CVE-2024-56018Shared CWE-79

References