CVE-2025-61224
published 2025-10-06

CVE-2025-61224: Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter

Priority: P343 medium, 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 1.29% (66.7th percentile)

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dokuwiki | < dokuwiki 2025-05-14.b+dfsg-1 (forky) | dokuwiki 2025-05-14.b+dfsg-1 (forky) |
| dokuwiki | dokuwiki | >= 0 < 2025-05-14.b+dfsg-1 | 2025-05-14.b+dfsg-1 |

CVSS provenance

nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv: 6.5 MEDIUM
vendor_debian: 6.5 MEDIUM