CVE-2025-8573

🗓️ 05 Aug 2025 22:36:48Reported by ConcreteCMSType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 23 Views

Concrete CMS versions 9 to 9.4.2 have a Stored XSS vulnerability on Members Dashboard page.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-8573	5 Aug 202522:50	–	circl
CNNVD	Concrete CMS 安全漏洞	5 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page	5 Aug 202522:36	–	cvelist
Exploit DB	Concrete CMS 9.4.3 - Stored XSS	16 Sep 202500:00	–	exploitdb
EUVD	EUVD-2025-23659	3 Oct 202520:07	–	euvd
Github Security Blog	Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page	6 Aug 202500:30	–	github
NVD	CVE-2025-8573	5 Aug 202523:15	–	nvd
OSV	GHSA-C5XF-RMV4-J85H Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page	6 Aug 202500:30	–	osv
Positive Technologies	PT-2025-31998 · Unknown · Concrete Cms	5 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-8573	7 Aug 202523:31	–	redhatcve

NVD

Node

concretecms concrete_cmsRange9.0–9.4.3

[
  {
    "defaultStatus": "unaffected",
    "product": "Concrete CMS",
    "programFiles": [
      "https://github.com/concretecms/concretecms"
    ],
    "repo": "https://github.com/concretecms/concretecms",
    "vendor": "Concrete CMS",
    "versions": [
      {
        "lessThan": "9.4.3",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "patch"
      }
    ]
  }
]

Source	Link
documentation	www.documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes
concretecms	www.concretecms.org/download

04 Sep 2025 15:54Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.14.8

CVSS 42

EPSS0.00367

SSVC