CVE-2025-48958

CVE-2025-48958 is a medium-severity cross-site scripting (XSS) vulnerability in froxlor/froxlor (composer), affecting versions <= 2.2.5. It is fixed in 2.2.6.

Summary

An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication.

Observation

It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the "domain" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability.

PoC

  1. Navigate to the Email section in the Customer Account Portal and create a new email address.

  2. Enter any garbage value in the required field and intercept the request using Burp Suite.

  3. Locate the "domain" field in the intercepted request and replace its value with the following HTML Injection payload:

    <a href="&#x68;&#x74;&#x74;&#x70;&#x73;&#x3a;&#x2f;&#x2f;&#x77;&#x77;&#x77;&#x2e;&#x67;&#x6f;&#x6f;&#x67;&#x6c;&#x65;&#x2e;&#x63;&#x6f;&#x6d;">CLiCK</a>

  4. Forward the modified request and observe that the injected payload is reflected on an error page.

  5. Click on the displayed "CLiCK" link to verify that it redirects to https://www.google.com, confirming the presence of HTML Injection.

Impact

An attacker can exploit this HTML Injection vulnerability to manipulate the portal’s content, conduct phishing attacks, deface the application, or trick users into clicking malicious links. This can lead to credential theft, malware distribution, reputational damage, and potential compliance violations.
The users of the customer account portal are impacted by this vulnerability. Specifically, any user who interacts with the email section of the portal may be tricked into clicking malicious links, leading to potential phishing attacks, credential theft, and exposure to other malicious activities. The organization hosting the portal could also be impacted by reputational damage and compliance violations.

Untrusted input is rendered as active markup in a victim's browser, which can run script in their session. Typical impact: session or credential theft, and actions taken as the user.

CVE-2025-48958 has a CVSS score of 5.5 (Medium). The vector is network-reachable, low privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.2.6); upgrading removes the vulnerable code path.

Affected versions

froxlor/froxlor (<= 2.2.5)

Security releases

froxlor/froxlor → 2.2.6 (composer)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

It is recommended to implement proper input validation and output encoding to prevent HTML Injection. The application should sanitize user input by stripping or escaping HTML tags before rendering it on the page.
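The following is an added example, not froxlor's own code, showing the rendering pattern the report describes and the two-layer fix the remediation advice calls for. The function names, the error-message wording and the sample payload are all constructed for illustration; the payload uses a reserved example hostname rather than the report's link target.

```php
<?php
// Added example (not froxlor's code): why reflecting the "domain" field into an
// error page is dangerous, and how validation plus output encoding closes it.

// Layer 1: validate the domain field before it is used anywhere.
// FILTER_VALIDATE_DOMAIN with FILTER_FLAG_HOSTNAME enforces hostname label
// syntax (letters, digits, hyphens, dots), so markup characters such as
// '<', '>', '"', '/', ':' and spaces are rejected outright.
function validate_domain(string $domain): bool
{
    if ($domain === '' || strlen($domain) > 253) {
        return false;
    }
    return filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// Vulnerable pattern: untrusted input interpolated into HTML without encoding.
// An anchor tag submitted as the domain becomes a live, clickable link.
function render_error_vulnerable(string $domain): string
{
    return "<p>Domain {$domain} does not exist</p>";
}

// Hardened pattern: a value that fails validation is never echoed back at all,
// and a value that passes is still encoded for the HTML text context.
function render_error_hardened(string $domain): string
{
    if (!validate_domain($domain)) {
        return '<p>The domain you entered is not valid</p>';
    }
    $safe = htmlspecialchars($domain, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Domain {$safe} does not exist</p>";
}

// Layer 2 on its own: even when a rejected value must be shown to the user,
// encoding turns the markup into inert text.
function encode_for_html(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input standing in for the report's anchor-tag payload.
$payload = '<a href="https://example.invalid">CLiCK</a>';

echo render_error_vulnerable($payload), PHP_EOL;    // link is live in the browser
echo render_error_hardened($payload), PHP_EOL;      // fixed message, payload dropped
echo render_error_hardened('mail.example.org'), PHP_EOL;
echo encode_for_html($payload), PHP_EOL;            // angle brackets and quotes encoded
```

Run it with `php example.php`. The vulnerable renderer emits the anchor tag unchanged, which is exactly the reflected-payload behaviour in the Observation section; the hardened renderer refuses the value at validation time, and `encode_for_html` shows that output encoding alone would also have neutralised the tag had the value reached the page. Both layers are worth keeping: validation stops the bad value early, and encoding protects every template that renders the field, including error pages that are easy to overlook.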

Frequently Asked Questions

  1. What is CVE-2025-48958? CVE-2025-48958 is a medium-severity cross-site scripting (XSS) vulnerability in froxlor/froxlor (composer), affecting versions <= 2.2.5. It is fixed in 2.2.6. Untrusted input is rendered as active markup in a victim's browser, which can run script in their session.
  2. How severe is CVE-2025-48958? CVE-2025-48958 has a CVSS score of 5.5 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of froxlor/froxlor are affected by CVE-2025-48958? froxlor/froxlor (composer) versions <= 2.2.5 are affected.
  4. Is there a fix for CVE-2025-48958? Yes. CVE-2025-48958 is fixed in 2.2.6. Upgrade to this version or later.
  5. Is CVE-2025-48958 exploitable, and should I be worried? Whether CVE-2025-48958 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2025-48958 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2025-48958? Upgrade froxlor/froxlor to 2.2.6 or later.

Other vulnerabilities in froxlor/froxlor

CVE-2026-52793, CVE-2026-41234, CVE-2026-41237, CVE-2026-41236, CVE-2026-41235
