
REDAXO CMS Targeted by XSS Attack: Urgent Update Required (CVE-2025-66026)

Overview

A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in REDAXO, a PHP-based Content Management System (CMS). This vulnerability, identified as CVE-2025-66026, affects versions prior to 5.20.1. Specifically, the Mediapool view is susceptible to attack, where an attacker can inject arbitrary JavaScript code through a crafted URL, potentially compromising the backend of the affected REDAXO installation. This post outlines the vulnerability, its potential impact, and the necessary steps to mitigate the risk.

Technical Details

The vulnerability lies in the Mediapool’s handling of the args[types] request parameter. Prior to version 5.20.1, this parameter is rendered into an information banner without proper HTML escaping. This allows an attacker to inject malicious JavaScript code within the parameter value. When a logged-in administrator or user with sufficient permissions visits a specially crafted URL containing the malicious payload, the JavaScript code is executed in their browser, effectively allowing the attacker to perform actions on their behalf. This could include stealing session cookies, creating new administrator accounts, or modifying website content.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) has assigned a score of 6.1 (Medium) to CVE-2025-66026. This score reflects the potential for significant impact, particularly the ability to execute arbitrary JavaScript in the browser of an authenticated backend user. The CVSS vector provides a detailed breakdown of the vulnerability’s characteristics.

Possible Impact

Successful exploitation of this XSS vulnerability could have severe consequences:

  • Account Takeover: Attackers can steal session cookies, allowing them to impersonate legitimate users, including administrators.
  • Website Defacement: Attackers can modify website content, potentially damaging the website’s reputation.
  • Malware Distribution: Attackers can inject malicious scripts to redirect users to phishing sites or distribute malware.
  • Data Theft: Attackers can potentially access sensitive data stored within the REDAXO CMS.

Mitigation and Patch Steps

The most effective way to mitigate this vulnerability is to update your REDAXO installation to version 5.20.1 or later. Here’s how to update:

  1. Backup Your Website: Before performing any updates, create a complete backup of your website files and database.
  2. Update REDAXO: Log in to your REDAXO backend and navigate to the update section. Follow the instructions to update to the latest version (5.20.1 or later).
  3. Verify the Update: After the update is complete, verify that the REDAXO version number is 5.20.1 or higher.
  4. Monitor Your Website: Keep an eye on your website for any signs of suspicious activity.

If you are unable to update immediately, consider implementing temporary mitigations, such as HTML-escaping the args[types] value wherever it is rendered into the page and validating the parameter against the values the Mediapool actually expects.
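To make the escaping problem from the Technical Details section and the temporary mitigation above concrete, here is an added PHP example (not REDAXO's own code) that contrasts an unescaped banner with one that HTML-escapes the args[types] value on output and validates its shape; the function names and the banner markup are assumptions.

```php
<?php
// Added example, not REDAXO code. A query string such as ?args[types]=jpg,png
// arrives in PHP as $_GET['args']['types'].

// Vulnerable pattern (the class of bug described above): the request value is
// concatenated into HTML as-is, so any markup in it becomes part of the page.
function render_banner_unescaped(array $args): string
{
    $types = $args['types'] ?? '';
    return '<p class="banner">Allowed types: ' . $types . '</p>';
}

// Hardened pattern: escape on output. ENT_QUOTES makes the value safe both as
// text content and inside quoted attributes; non-string input (e.g. a nested
// array from args[types][]=x) is treated as empty instead of raising a TypeError.
function render_banner_escaped(array $args): string
{
    $types = is_string($args['types'] ?? null) ? $args['types'] : '';
    $safe = htmlspecialchars($types, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="banner">Allowed types: ' . $safe . '</p>';
}

// Defence in depth: the parameter is a comma-separated list of file extensions,
// so reject anything that does not match that shape before rendering.
function validate_types($types): bool
{
    return is_string($types) && preg_match('/^[a-z0-9]+(,[a-z0-9]+)*$/i', $types) === 1;
}

// Constructed sample inputs: a benign value and one containing markup.
$benign = ['types' => 'jpg,png'];
$markup = ['types' => '<b>not a type</b>'];

echo render_banner_escaped($benign), PHP_EOL;
echo render_banner_escaped($markup), PHP_EOL;
var_dump(validate_types($benign['types']));
var_dump(validate_types($markup['types']));
```

Run with `php example.php`; the second banner shows the angle brackets encoded as entities and the validator rejects the markup value.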

References

REDAXO Commit – 58929062312cf03e344ab04067a365e6b6ee66aa
REDAXO Security Advisory – GHSA-x6vr-q3vf-vqgq

Published: 2025-11-26T03:15:58.440

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
