CVE-2025-4512: Inetum IODAS app.jsp cross site scripting
First published: Sat May 10 2025(Updated: )
A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Inetum IODAS | >=7.2-LTS.4.1-JDK7<=7.2-RC3.2-JDK7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4512?
CVE-2025-4512 is classified as problematic due to its potential for cross-site scripting attacks.
How do I fix CVE-2025-4512?
To fix CVE-2025-4512, ensure that user input is properly sanitized and validated to prevent XSS vulnerabilities.
What software versions are affected by CVE-2025-4512?
CVE-2025-4512 affects Inetum IODAS versions between 7.2-LTS.4.1-JDK7 and 7.2-RC3.2-JDK7.
What is the impact of CVE-2025-4512?
The impact of CVE-2025-4512 allows attackers to execute malicious scripts in the context of users' browsers.
When was CVE-2025-4512 discovered?
CVE-2025-4512 was identified as a vulnerability affecting Inetum IODAS software.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/inetum
- canonical/inetum iodas