PT-2025-31998 · Unknown · Concrete Cms

🗓️ 05 Aug 2025 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 5 Views

Concrete CMS versions 9 to 9.4.2 are vulnerable to Stored Cross-Site Scripting attacks via dashboard.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-8573	5 Aug 202522:50	–	circl
CNNVD	Concrete CMS 安全漏洞	5 Aug 202500:00	–	cnnvd
CVE	CVE-2025-8573	5 Aug 202522:36	–	cve
Cvelist	CVE-2025-8573 Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page	5 Aug 202522:36	–	cvelist
Exploit DB	Concrete CMS 9.4.3 - Stored XSS	16 Sep 202500:00	–	exploitdb
EUVD	EUVD-2025-23659	3 Oct 202520:07	–	euvd
Github Security Blog	Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page	6 Aug 202500:30	–	github
NVD	CVE-2025-8573	5 Aug 202523:15	–	nvd
OSV	GHSA-C5XF-RMV4-J85H Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page	6 Aug 202500:30	–	osv
RedhatCVE	CVE-2025-8573	7 Aug 202523:31	–	redhatcve

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-8573
osv	www.osv.dev/vulnerability/GHSA-c5xf-rmv4-j85h
github	www.github.com/concretecms/concretecms/releases/tag/9.4.3
github	www.github.com/concretecms/concretecms/commit/f7630b467d3a234d3d333ca117046a500e7ee2b6
github	www.github.com/concretecms/concretecms
t	www.t.me/cveNotify/131012
twitter	www.twitter.com/CVEnew/status/1952867203889721851
concretecms	www.concretecms.org/download
documentation	www.documentation.concretecms.org/9-x/developers/introduction/version-history/943-release-notes
twitter	www.twitter.com/VulmonFeeds/status/1952930044906500363

11 Aug 2025 00:00Current

4.9Medium risk

Vulners AI Score4.9

CVSS 42

EPSS0.00367

SSVC

concrete cms cross-site scripting vulnerability home folder members dashboard version 9.4.2