What is CVE-2025-0708?

A medium-severity cross-site scripting vulnerability has been identified in Fumiao OpenCMS version 2.2. Exploitation may lead to unauthorized actions if not addressed promptly.

What is the severity of CVE-2025-0708?

CVE-2025-0708 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-0708 | Medium Vulnerability in Fumiao OpenCMS

A vulnerability was found in Fumiao OpenCMS 2.2. It has been declared as problematic, affecting unknown code in the file /admin/model/addOrUpdate of the component Add Model Management Page. This vulnerability allows for cross-site scripting (XSS) through manipulation of the argument 模板前缀. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Organizations should prioritize patching immediately.

The CVSS score for this vulnerability is 5.3, indicating a medium severity level. This score reflects the potential risk to organizations, as attackers may leverage this vulnerability to conduct unauthorized actions within the affected environment. Remediation is crucial to mitigate the risk associated with this vulnerability.

Given the low attack complexity and the requirement for low privileges, organizations should assess their exposure and address this vulnerability in their patch management process.

Risk to organizations includes potential unauthorized access to sensitive information or system manipulation. Therefore, it is essential to take immediate action to mitigate the impact.

Vulnerability Details

The vulnerability in question affects Fumiao OpenCMS version 2.2 and has been assigned CVE-2025-0708. The vulnerability allows for cross-site scripting (XSS) attacks, specifically in the Add Model Management Page. The manipulation of the argument 模板前缀 can lead to unauthorized script execution. The vulnerability was published on January 24, 2025, and the affected systems include all versions prior to vendor patch.

Technical Analysis

The root cause of this vulnerability stems from inadequate input validation in the affected component. The attack vector is through the network, allowing attackers to exploit the vulnerability remotely. The attack complexity is classified as low, requiring low privileges and no user interaction. This vulnerability impacts the integrity of the system, with a low integrity impact rating, while confidentiality and availability are not affected.

Risk & Impact Analysis

Real-world deployment risk associated with this vulnerability includes unauthorized access and manipulation of data. Organizations that utilize Fumiao OpenCMS should be particularly vigilant as the potential blast radius could affect multiple users if exploited. The urgency for remediation is classified as medium, emphasizing the need to address this vulnerability in priority patch cycles.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of Fumiao OpenCMS prior to the vendor patch. Specifically, version 2.2 is known to be vulnerable. Organizations should ensure they are on a patched version to mitigate risks.

Mitigation & Remediation

Organizations should prioritize updating Fumiao OpenCMS to the latest version to address this vulnerability. In addition, implementing web application firewalls can help mitigate the risk of XSS attacks. For further guidance on web application security, consider reviewing our application security assessment resources.

Detection Guidance

To detect attempts to exploit this vulnerability, organizations should monitor application logs for unusual activity related to the Add Model Management Page. Additionally, any anomalies in user input patterns should be investigated to prevent potential XSS attacks.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of maintaining rigorous input validation and security practices. As web applications evolve, so do the tactics employed by attackers. Security teams should focus on proactive measures, including regular security assessments and adopting a penetration testing methodology to stay ahead of potential threats. Furthermore, awareness of emerging vulnerabilities in widely used technologies, such as Fumiao OpenCMS, is critical.

Lessons learned from vulnerabilities like CVE-2025-0708 should inform future security strategies. Organizations should continuously adapt their security posture to address evolving threats and ensure robust application security.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0708: Medium Vulnerability in Fumiao OpenCMS