CVE-2025-25114
Published: 03 March 2025
Summary
CVE-2025-25114 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of inputs to neutralize malicious payloads like those exploited in this reflected XSS vulnerability.
Mandates filtering of web page outputs to prevent reflected script injection in the victim's browser context.
Ensures timely identification, reporting, and patching of the specific flaw in the WordPress plugin causing improper input neutralization.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS in public-facing WordPress plugin directly enables remote exploitation of the web application (T1190) via crafted malicious links requiring user interaction (T1204.001) to trigger script execution in the browser.
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through <= 1.0.
Deeper analysisAI
CVE-2025-25114 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the ehabstar User Role user-roles WordPress plugin. This issue affects User Role versions from n/a through <= 1.0. The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility, low attack complexity, no required privileges, user interaction, and changed scope with low impacts to confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability by crafting malicious input that is reflected in web page generation without proper neutralization. Exploitation requires a user, such as an administrator or logged-in user, to interact with a malicious link or input, typically via a phishing vector, leading to script execution in the victim's browser context. This can result in limited theft of sensitive data, session hijacking, or minor disruptions, amplified by the changed scope affecting other resources.
The Patchstack advisory provides details on this vulnerability, including potential patches or workarounds for affected WordPress installations; security practitioners should consult https://patchstack.com/database/Wordpress/Plugin/user-roles/vulnerability/wordpress-easy-wp-tiles-plugin-1-cross-site-scripting-xss-vulnerability-6?_s_id=cve for mitigation guidance and updates.
Details
- CWE(s)