CVE-2025-27412 — MEDIUM (6.1)

Q: How severe is CVE-2025-27412?

CVE-2025-27412 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-27412?

Check the references section above for vendor advisories and patch information. Affected products include: Redaxo Redaxo.

Vulnerability Description

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redaxo	Redaxo	>= 5.0, < 5.18.3

Related Weaknesses (CWE)

CWE-79

References

https://github.com/redaxo/redaxo/security/advisories/GHSA-8366-xmgf-334fExploitVendor Advisory

FAQ

What is CVE-2025-27412?

CVE-2025-27412 is a vulnerability with a CVSS score of 6.1 (MEDIUM). REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in...

How severe is CVE-2025-27412?

CVE-2025-27412 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-27412?

Check the references section above for vendor advisories and patch information. Affected products include: Redaxo Redaxo.