CVE-2025-24841

NONE EPSS 10.9%
Published Feb 19, 20251y ago · Modified Jun 17, 20262w ago
Find Similar
Published Feb 19, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may be executed on a logged-in user's web browser.

Threat Intelligence

EPSS Exploit Probability
10.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

References 2

  • jvn.jp https://jvn.jp/en/jp/JVN48742353/
  • movabletype.org https://www.movabletype.org/news/2025/02/mt-842-released.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.