Description

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field. This vulnerability is fixed in 5.3.12.

INFO

Published Date :

2025-04-10T12:58:13.674Z

Last Modified :

2025-04-10T13:34:47.431Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-25197 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25197.

URL Resource
https://github.com/silverstripe/silverstripe-elemental/commit/34ff4ed498ccab94cc5f55ef9a56c37f491eda1d cve-icon cve-icon
https://github.com/silverstripe/silverstripe-elemental/security/advisories/GHSA-x8xm-c7p8-2pj2 cve-icon cve-icon
https://www.silverstripe.org/download/security-releases/CVE-2025-25197 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact