← voltar
CVE-2025-62499

CVE-2025-62499

CVSS 4.6 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
23 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Six Apart Ltd. · Movable Type Advanced (Software Edition)Six Apart Ltd. · Movable Type (Cloud Edition)Six Apart Ltd. · Movable Type Premium (Advanced Edition) (Software Edition)Six Apart Ltd. · Movable Type Premium (Cloud Edition)Six Apart Ltd. · Movable Type Premium (Software Edition)Six Apart Ltd. · Movable Type (Software Edition)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://jvn.jp/en/jp/JVN24333679/https://movabletype.org/news/2025/10/mt-880-released.htmlhttps://www.sixapart.jp/movabletype/news/2025/10/22-1055.html