cbcvebase.
CVE-2025-67906
published 2025-12-15

CVE-2025-67906: In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

PriorityP342critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
EPSS
0.27%
19.0th percentile
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Affected

2 ranges
VendorProductVersion rangeFixed in
misp-projectmisp< 2.5.282.5.28
mispmisp< 2.5.282.5.28
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.