Cyber Posture

CVE-2025-28877

High

Published: 26 March 2025

Published
26 March 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0040 61.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-28877 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match
prevent

Information Output Filtering directly prevents reflected XSS by encoding or filtering user input reflected in web page generation, addressing the improper neutralization flaw in the Key4ce osTicket Bridge plugin.

SI-10 Information Input Validation good match
prevent

Information Input Validation rejects or sanitizes malicious inputs before they are processed and reflected, mitigating the CWE-79 vulnerability in the plugin.

SI-2 Flaw Remediation good match
prevent

Flaw Remediation ensures timely patching or updating of the vulnerable Key4ce osTicket Bridge plugin (versions <=1.4.0) to eliminate the reflected XSS issue.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
attack.mitre.org →
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
attack.mitre.org →
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
attack.mitre.org →
Why these techniques?

Reflected XSS in public-facing WordPress plugin enables exploitation via malicious links (T1204.001) delivering JavaScript payloads (T1059.007) for session cookie theft (T1539) after exploiting the web app vuln (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in m.tiggelaar Key4ce osTicket Bridge key4ce-osticket-bridge allows Reflected XSS.This issue affects Key4ce osTicket Bridge: from n/a through <= 1.4.0.

Deeper analysisAI

CVE-2025-28877 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-Site Scripting (XSS) as classified under CWE-79. It affects the Key4ce osTicket Bridge WordPress plugin (key4ce-osticket-bridge), developed by m.tiggelaar, in all versions from n/a through 1.4.0. The issue was published on 2025-03-26 with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Attackers can exploit this vulnerability remotely over the network with low complexity and no required privileges, though it demands user interaction such as clicking a malicious link. Successful exploitation leverages the changed scope (S:C) to achieve low impacts on confidentiality, integrity, and availability, potentially allowing theft of session cookies, user data, or execution of scripts in the victim's browser context.

The primary advisory from Patchstack details the Reflected XSS in the Key4ce osTicket Bridge WordPress plugin up to version 1.4.0 and is available at https://patchstack.com/database/Wordpress/Plugin/key4ce-osticket-bridge/vulnerability/wordpress-key4ce-osticket-bridge-plugin-1-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve. Security practitioners should review it for recommended patches, workarounds, or updates beyond version 1.4.0.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2026-42366Shared CWE-79
CVE-2026-25342Shared CWE-79
CVE-2025-67614Shared CWE-79
CVE-2025-68891Shared CWE-79
CVE-2025-22361Shared CWE-79
CVE-2025-23621Shared CWE-79
CVE-2026-28042Shared CWE-79
CVE-2026-34563Shared CWE-79
CVE-2025-23606Shared CWE-79
CVE-2026-1008Shared CWE-79

References