Cyber Posture

CVE-2025-70038

High

Published: 09 March 2026

Published
09 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0007 21.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70038 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Linagora Twake. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match
prevent

SI-15 directly addresses CWE-79 by filtering information outputs to neutralize untrusted input during web page generation, preventing XSS-based arbitrary code execution in Twake.

SI-10 Information Input Validation good match
prevent

SI-10 enforces validation of all inputs to the Twake web application, blocking malicious payloads that could lead to improper neutralization and XSS exploitation.

SI-2 Flaw Remediation good match
preventrecover

SI-2 mandates timely identification, reporting, and correction of the specific flaw in Twake v2023.Q1.1223, remediating the XSS vulnerability before or after exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

XSS (CWE-79) in public-facing web app directly enables remote exploitation via crafted input/link, matching T1190; arbitrary code claims are overstated for typical XSS but still facilitate initial access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code.

Deeper analysisAI

CVE-2025-70038 is a vulnerability classified as CWE-79: Improper Neutralization of Input During Web Page Generation in Linagora Twake version v2023.Q1.1223. Published on 2026-03-09, it enables attackers to execute arbitrary code. The CVSS v3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity, requiring only user interaction such as clicking a malicious link or visiting a crafted page. Successful exploitation grants high confidentiality, integrity, and availability impacts, allowing arbitrary code execution in the context of the affected Twake instance.

References for further details include a GitHub Gist at https://gist.github.com/zcxlighthouse/e0ebb66220ae3c61a24288eb78402c42, the Linagora GitHub organization at https://github.com/linagora, and the Twake repository at https://github.com/linagora/Twake. No specific mitigation or patch information is detailed in the available data.

Details

CWE(s)
CWE-79

Affected Products

linagora
twake
2023.q1.1223

CVEs Like This One

CVE-2025-70039Same product: Linagora Twake
CVE-2026-23807Shared CWE-79
CVE-2025-27005Shared CWE-79
CVE-2025-68520Shared CWE-79
CVE-2026-0800Shared CWE-79
CVE-2025-26555Shared CWE-79
CVE-2025-46199Shared CWE-79
CVE-2024-56060Shared CWE-79
CVE-2025-23570Shared CWE-79
CVE-2024-56056Shared CWE-79

References