CVE-2025-7713

High · Updated

Published: 29 January 2026

Modified: 05 June 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0005 (17.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-7713 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Globalmedya Content Management System. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 17.4th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-14 (Public Access Protections) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-7713 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as cross-site scripting (XSS, CWE-79), in the Content Management System (CMS) from Global Interactive Design Media Software Inc. The flaw enables XSS attacks through HTTP headers and affects all versions of the CMS up to and including 21072025. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for significant availability disruption.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows attackers to inject malicious scripts via HTTP headers, potentially leading to high-impact denial of service (DoS) effects on the targeted CMS instance, as reflected in the availability-focused impact vector.

The Turkish National Cyber Incident Response Center (USOM) advisory at https://www.usom.gov.tr/bildirim/tr-26-0008 provides details on this vulnerability, including recommended mitigations and patches where available. Security practitioners should consult this reference for specific remediation steps.

Vulnerability details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers. This issue affects Content Management System (CMS): through 21072025.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of a public-facing CMS web vulnerability (XSS via headers) matches T1190; the DoS outcome is a secondary effect of successful exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-7714 · Same product: Globalmedya Content Management System
CVE-2021-47873 · Shared CWE-79
CVE-2026-7052 · Shared CWE-79
CVE-2024-56060 · Shared CWE-79
CVE-2025-49043 · Shared CWE-79
CVE-2026-40038 · Shared CWE-79
CVE-2024-56022 · Shared CWE-79
CVE-2025-68889 · Shared CWE-79
CVE-2026-1074 · Shared CWE-79
CVE-2025-22539 · Shared CWE-79

Affected Assets

globalmedya · content management system · ≤ 2025-07-21

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation and sanitization of information inputs such as HTTP headers to prevent improper neutralization leading to XSS injection.

prevent

Requires filtering of information output during web page generation to block execution of malicious scripts injected via HTTP headers.

prevent

Scans and blocks inbound web traffic containing malicious content like XSS payloads in HTTP headers targeting public-facing CMS applications.
