CVE-2026-25616
Published 2026-02-03
CVE-2026-25616: Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.
Priority P3 · 38 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.38% (30.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blesta | blesta | >= 3.0.0 < 5.13.3 | 5.13.3 |
| phillipsdata | blesta | >= 3.2.0 < 5.13.2 | 5.13.2 |
No detection rules found.
Nuclei
Blesta <= 5.13.1 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2026-25616 [MEDIUM] Blesta <= 5.13.1 - Cross-Site Scripting
Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system. Exploitation requires unspecified conditions.
Template:
```yaml
id: CVE-2026-25616

info:
  name: Blesta <= 5.13.1 - Cross-Site Scripting
  author: 0x_Akoko
  severity: medium
  description: |
    Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system, exploit requires unspecified conditions.
  impact: |
    Attackers can exploit input validation flaws to cause unexpected behavior or security issues.
  remediation: |
    Upgrade to version 5.13.3 or later.
  reference:
    - https://karmainsecurity.com/KIS-2026-01
    - https://www.bles
```
No writeups or analysis indexed.
Published: 2026-02-03