CVE-2025-41420
Published: 24 July 2025
Summary
CVE-2025-41420 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Wwbn Avideo. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked at the 50.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Filters information outputs such as the userLogin cancelUri parameter to neutralize XSS payloads before rendering in web pages, directly preventing arbitrary JavaScript execution.
Validates inputs to the cancelUri parameter using defined tools and procedures to reject or sanitize malicious JavaScript payloads prior to processing.
Remediates the specific flaw in cancelUri handling through timely identification, reporting, and correction of the XSS vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS enables arbitrary JS execution in victim browser context, directly facilitating browser session hijacking to steal cookies/tokens or perform actions on behalf of the user.
NVD Description
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit…
more
a webpage to trigger this vulnerability.
Deeper analysisAI
CVE-2025-41420 is a cross-site scripting (XSS) vulnerability in the userLogin cancelUri parameter functionality of WWBN AVideo version 14.4 and dev master commit 8a8954ff. The issue allows arbitrary JavaScript execution via a specially crafted HTTP request. It carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
An unauthenticated attacker (PR:N) can exploit this over the network (AV:N) with low complexity (AC:L) by tricking a user into visiting a malicious webpage (UI:R), which changes the scope to cross-origin (S:C). Successful exploitation leads to high-impact arbitrary JavaScript execution in the victim's browser context, potentially enabling confidentiality, integrity, and availability compromises (C:H/I:H/A:H).
Mitigation details are available in the Cisco Talos Intelligence advisories at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2209.
Details
- CWE(s)