Cyber Resilience

CVE-2025-50754

Critical

Published: 04 August 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0071 (72.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50754 is a critical-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 27.4% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-50754, published on 2025-08-04, is a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) in Unisite CMS version 5.0, specifically within the "Report" functionality. A malicious script submitted by an attacker is stored and rendered unescaped in the admin panel when viewed by an administrator. The issue carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), marking it as critical due to its potential for severe impact across confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability remotely with low complexity, requiring only that an administrator view the compromised report in the admin panel. The rendered script enables session hijacking of the administrator's account. From there, the attacker can leverage the template editor to upload and execute a PHP web shell, resulting in full remote code execution on the server.

Proof-of-concept code demonstrating the exploit chain is publicly available at https://github.com/furk4nyildiz/CVE-2025-50754-PoC. No vendor advisories, patches, or specific mitigation guidance are detailed in the provided references.

EU & UK References

Vulnerability details

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

Stored XSS in public-facing CMS enables remote exploitation (T1190) and leads directly to web shell upload/execution for RCE (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47873 (shared CWE-79)
CVE-2026-7052 (shared CWE-79)
CVE-2024-56060 (shared CWE-79)
CVE-2025-49043 (shared CWE-79)
CVE-2026-40038 (shared CWE-79)
CVE-2024-56022 (shared CWE-79)
CVE-2025-68889 (shared CWE-79)
CVE-2026-1074 (shared CWE-79)
CVE-2025-22539 (shared CWE-79)
CVE-2025-22286 (shared CWE-79)

Affected Assets

Unisite CMS
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Information Output Filtering directly prevents the rendering of unescaped malicious scripts in the admin panel when viewing compromised reports, stopping the stored XSS execution.

Prevent: Information Input Validation ensures malicious scripts submitted to the Report functionality are rejected or sanitized before storage, preventing the initial XSS payload persistence.

Prevent: Flaw Remediation requires timely identification and correction of the specific stored XSS vulnerability in Unisite CMS 5.0, eliminating the root cause of the exploit chain to RCE.
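
As an added example (not Unisite CMS code and not taken from the referenced PoC), the sketch below applies the output-filtering and input-validation controls to stored report text: it flags reports that contain active markup so they can be held back before an administrator opens them, and escapes every body at render time. The record layout, function names and sample rows are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample rows; field names are assumptions, not Unisite CMS's schema.
SAMPLE_REPORTS = [
    {"id": 1, "body": "The listing photo is misleading."},
    {"id": 2, "body": "Price is wrong, <b>please fix</b>"},
    {"id": 3, "body": '<img src=x onerror="/* placeholder */">'},
    {"id": 4, "body": '<a href=" JavaScript:void(0)">details</a>'},
    {"id": 5, "body": "<script>/* placeholder */</script>"},
]

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "base", "form", "meta", "link"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class _ActiveMarkupFinder(HTMLParser):
    """Collects elements and attributes that a browser would treat as active."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            # Drop whitespace/control characters before comparing the URL scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{tag}[{name}]")
            elif name in URL_ATTRS and compact.startswith(("javascript:", "data:", "vbscript:")):
                self.findings.append(f"{tag}[{name}={compact.split(':', 1)[0]}:]")


def triage(body):
    """Return the active markup found in one stored report body (empty list = none)."""
    finder = _ActiveMarkupFinder()
    finder.feed(body)
    finder.close()
    return finder.findings


def render_cell(body):
    """Output filtering: the only form in which a report body reaches the admin page."""
    return html.escape(body, quote=True)


def quarantine_ids(reports):
    """IDs of reports to hold back for review before an administrator opens them."""
    return [r["id"] for r in reports if triage(r["body"])]
```

Escaping at render time is the control that stops execution; the triage pass only helps locate reports that were stored before the output path was fixed.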

References