CVE-2025-24892
published 2025-02-10


Priority: P428
Severity: medium (CVSS 3.1 base score 5.4)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.27% (18.9th percentile)
OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a project. The issue has been resolved in OpenProject version 15.2.1. Those who are unable to upgrade may apply the patch manually.

Affected (2 ranges)

Vendor        Product       Version range   Fixed in
openproject   openproject   < 15.2.1        15.2.1
opf           openproject   < 15.2.1        15.2.1