CVE-2025-25905

EUVD-2025-19107
Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CISA-ADPADP
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
4pacecadclick
𝑥
≤ 1.13.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://4pace.com/en/products/cadclick
https://medium.com/@mdjab3r/cve-2025-25905-ffff82c635f2
https://support.cadclick.com