CVE-2025-50754
Published: 04 August 2025
Summary
CVE-2025-50754 is a critical-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-50754, published on 2025-08-04, is a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) in Unisite CMS version 5.0, specifically within the "Report" functionality. A malicious script submitted by an attacker is stored and rendered unescaped in the admin panel when viewed by an administrator. The issue carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), marking it as critical due to its potential for severe impact across confidentiality, integrity, and availability.
An unauthenticated attacker can exploit this vulnerability remotely with low complexity, requiring only that an administrator view the compromised report in the admin panel. The rendered script enables session hijacking of the administrator's account. From there, the attacker can leverage the template editor to upload and execute a PHP web shell, resulting in full remote code execution on the server.
Proof-of-concept code demonstrating the exploit chain is publicly available at https://github.com/furk4nyildiz/CVE-2025-50754-PoC. No vendor advisories, patches, or specific mitigation guidance are detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23552
Vulnerability details
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin…
more
session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS in public-facing CMS enables remote exploitation (T1190) and leads directly to web shell upload/execution for RCE (T1505.003).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Information Output Filtering directly prevents the rendering of unescaped malicious scripts in the admin panel when viewing compromised reports, stopping the stored XSS execution.
Information Input Validation ensures malicious scripts submitted to the Report functionality are rejected or sanitized before storage, preventing the initial XSS payload persistence.
Flaw Remediation requires timely identification and correction of the specific stored XSS vulnerability in Unisite CMS 5.0, eliminating the root cause of the exploit chain to RCE.