CVE-2025-0609 - Vulnerability Details - OpenCVE

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before 1.18.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Logo Software	Logo Cloud

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0318

History

Mon, 06 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Logo Software Logo Software logo Cloud
Vendors & Products		Logo Software Logo Software logo Cloud

Mon, 06 Oct 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 06 Oct 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before 1.18.
Title		XSS in Logo Software's Logo Cloud
Weaknesses		CWE-79
References		https://www.usom.gov.tr/bildirim/tr-25-0318
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-10-06T09:21:45.354Z

Updated: 2025-10-06T12:51:43.199Z

Reserved: 2025-01-20T13:52:55.420Z

Link: CVE-2025-0609

Vulnrichment

Updated: 2025-10-06T12:51:05.995Z

NVD

Status : Awaiting Analysis

Published: 2025-10-06T10:15:33.867

Modified: 2025-10-06T14:56:21.733

Link: CVE-2025-0609

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0609", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-20T13:52:55.420Z", "datePublished": "2025-10-06T09:21:45.354Z", "dateUpdated": "2025-10-06T12:51:43.199Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Logo Cloud", "vendor": "Logo Software Inc.", "versions": [{"lessThan": "1.18", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).<p>This issue affects Logo Cloud: before 1.18.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before 1.18."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-06T09:21:45.354Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0318"}], "source": {"advisory": "TR-25-0318", "defect": ["TR-25-0318"], "discovery": "UNKNOWN"}, "title": "XSS in Logo Software's Logo Cloud", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T12:51:01.662806Z", "id": "CVE-2025-0609", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T12:51:43.199Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0609", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T12:51:01.662806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T12:51:05.995Z"}}], "cna": {"title": "XSS in Logo Software's Logo Cloud", "source": {"defect": ["TR-25-0318"], "advisory": "TR-25-0318", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Logo Software Inc.", "product": "Logo Cloud", "versions": [{"status": "affected", "version": "0", "lessThan": "1.18", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0318"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before 1.18.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).<p>This issue affects Logo Cloud: before 1.18.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-06T09:21:45.354Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0609", "state": "PUBLISHED", "dateUpdated": "2025-10-06T12:51:43.199Z", "dateReserved": "2025-01-20T13:52:55.420Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-10-06T09:21:45.354Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}