CVE-2025-8571

🗓️ 05 Aug 2025 22:37:14Reported by ConcreteCMSType

Concrete CMS versions vulnerable to XSS in Conversation Messages Dashboard causing potential attacks

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-8571	12 Sep 202514:57	–	circl
CNNVD	Concrete CMS 安全漏洞	5 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-8571 Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page	5 Aug 202522:37	–	cvelist
EUVD	EUVD-2025-23658	3 Oct 202520:07	–	euvd
Github Security Blog	Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page	6 Aug 202500:30	–	github
NVD	CVE-2025-8571	5 Aug 202523:15	–	nvd
OSV	GHSA-4PCG-PJP5-3MC6 Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page	6 Aug 202500:30	–	osv
Positive Technologies	PT-2025-31997 · Unknown · Concrete Cms	5 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-8571	7 Aug 202523:32	–	redhatcve
Snyk	Cross-site Scripting (XSS)	6 Aug 202500:30	–	snyk

NVD

Node

concretecms concrete_cmsRange<8.5.21

concretecms concrete_cmsRange9.0–9.4.3

[
  {
    "defaultStatus": "unaffected",
    "product": "Concrete CMS",
    "repo": "https://github.com/concretecms/concretecms",
    "vendor": "Concrete CMS",
    "versions": [
      {
        "lessThan": "9.4.3",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "patch"
      },
      {
        "lessThan": "8.5.21",
        "status": "affected",
        "version": "5.6",
        "versionType": "patch"
      }
    ]
  }
]

Source	Link
documentation	www.documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes
concretecms	www.concretecms.org/download
documentation	www.documentation.concretecms.org/developers/introduction/version-history/8521-release-notes

04 Sep 2025 15:54Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.8

CVSS 44.8

EPSS0.0026

SSVC