What is CVE-2025-1024?

A high-severity vulnerability in ChurchCRM 5.13.0 allows attackers to execute arbitrary JavaScript via reflected Cross-Site Scripting (XSS). Organizations should prioritize patching to prevent unauthorized access.

What is the severity of CVE-2025-1024?

CVE-2025-1024 has a severity rating of HIGH with a CVSS base score of 8.4.

CVE-2025-1024 | High Vulnerability in ChurchCRM

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.

With a CVSS score of 8.4, the vulnerability is classified as high severity. Organizations using the affected version should be aware of the significant risks associated with this vulnerability, including potential unauthorized access to sensitive information and user accounts.

The exploitation status for this vulnerability is currently unknown, but given its high severity, organizations should prioritize patching immediately.

Organizations are encouraged to monitor their systems for any signs of exploitation and to implement necessary security measures to mitigate risks.

Vulnerability Details

The vulnerability in ChurchCRM 5.13.0 is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) and CWE-287 (Improper Authentication). It is particularly concerning due to the requirement for administrative privileges to exploit it, which may limit the attack surface but still poses a significant threat in environments where these privileges are granted liberally.

The vulnerability was published on February 19, 2025, and organizations using this version should review their deployment immediately.

Technical Analysis

The root cause of this vulnerability is improper handling of user input on the EditEventAttendees.php page, which allows for the injection of malicious JavaScript. The attack vector is network-based, meaning an attacker can exploit it remotely without physical access to the target system.

The attack complexity is low, and it requires high privileges for exploitation, which makes it crucial for administrators to implement strict access controls and validate all user inputs.

User interaction is passive in this case, as the victim does not need to take any action other than visiting the compromised page. The confidentiality impact is high, as attackers may gain access to sensitive information, while the integrity impact is low and availability impact is high, as malicious scripts can manipulate the application's behavior.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive data, potential data breaches, and reputational damage. The blast radius can extend beyond the initial attack vector if an attacker gains access to administrative privileges and can further exploit the system.

Given the high CVSS score of 8.4, organizations should address this vulnerability in their priority patch cycle. The urgency for remediation is critical, as failure to address this flaw could lead to significant security incidents.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of ChurchCRM is 5.13.0. Organizations should update to the latest version to mitigate this vulnerability effectively.

Mitigation & Remediation

Organizations should prioritize patching this vulnerability immediately. For those unable to apply the patch, consider implementing web application firewalls (WAFs) to filter out malicious input and strengthen input validation on affected pages.

Additionally, organizations can review and adjust user privileges to limit access to sensitive functionalities within ChurchCRM. Continuous monitoring and regular security audits can help identify potential vulnerabilities before they can be exploited.

For further guidance on security best practices, organizations may refer to our penetration testing services.

Detection Guidance

Monitoring logs for unexpected JavaScript execution or unusual access patterns can help in identifying potential exploitation of this vulnerability. Organizations should look for anomalies in user behavior and implement alerts for suspicious actions.

AppSecure Threat Intelligence Insight

The ChurchCRM vulnerability highlights the ongoing risk of XSS vulnerabilities in web applications. Organizations should remain vigilant and proactive in addressing such security flaws to protect against data breaches and other malicious activities.

For more insights on application security, refer to our articles on penetration testing methodology, vulnerability management program design, and web application penetration testing for best practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1024: High Vulnerability in ChurchCRM