CVE-2025-10909

low-risk

Published 2025-09-24

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.4/10 Low

NETWORK / LOW complexity

References (5)

https://karinagante.github.io/cve-2025-10909/

https://karinagante.github.io/cve-2025-10909/#proof-of-concept-poc

https://vuldb.com/?ctiid.325696

https://vuldb.com/?id.325696

https://vuldb.com/?submit.651379

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal