CVE-2025-57244

low-risk
Published 2025-11-05

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Openkm

Affected Vendors

Openkm

References (2)

Broken Link https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20...
Exploit https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal