CVE-2025-25054

NONE EPSS 14.7%
Published Feb 19, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Feb 19, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user.

Threat Intelligence

EPSS Exploit Probability
14.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

References 2

  • jvn.jp https://jvn.jp/en/jp/JVN48742353/
  • movabletype.org https://www.movabletype.org/news/2025/02/mt-842-released.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.