CVE-2025-36548
Published: 24 July 2025
Summary
CVE-2025-36548 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Wwbn Avideo. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). It is ranked at the 50.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly patches the XSS vulnerability in the AVideo loginForm cancelUri parameter, preventing arbitrary JavaScript execution.
Information input validation rejects or sanitizes malicious payloads in the cancelUri parameter before processing, blocking the reflected XSS attack.
Information output filtering encodes the cancelUri parameter with the encoding appropriate to the context it is reflected into (HTML attribute, HTML body, or JavaScript), preventing execution of injected scripts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS enables direct browser session hijacking via arbitrary JavaScript execution in the victim's browser context.
NVD Description
A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Deeper analysis
CVE-2025-36548 is a cross-site scripting (XSS) vulnerability in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo version 14.4 and the dev master commit 8a8954ff. The flaw allows a specially crafted HTTP request to trigger arbitrary JavaScript execution in the context of a victim's browser session on the affected AVideo platform. It is classified under CWE-79 and carries a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts across a changed scope.
An unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious webpage that sends a crafted request to the targeted AVideo instance. The high attack complexity and requirement for user interaction (UI:R) mean exploitation relies on social engineering, such as phishing links, but once triggered over the network (AV:N), it enables arbitrary JavaScript execution with the privileges of the logged-in user viewing the page. This could lead to session hijacking, data theft, or further compromise of the victim's account on the platform.
For mitigation details, refer to the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2208, which provides technical analysis and recommended patches or workarounds for affected AVideo deployments.
Details
- CWE(s)