CVE-2025-52367

moderate-risk
Published 2025-09-22

Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.

Do I need to act?

!
70.0% chance of exploitation in next 30 days
EPSS score — higher than 30% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
52361
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Pivotx

Affected Vendors

Pivotx

References (3)

Broken Link http://pivotx.com
Exploit https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-es...
Exploit https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-es...
45
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal