CVE-2025-0795 in CDG
Summary
by MITRE • 01/29/2025
A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
For the most complete vulnerability data, you may need to visit VulDB.
Analysis
by VulDB Data Team • 05/14/2025
This vulnerability resides in the ESAFENET CDG V5 platform, specifically in the /todolistjump.jsp page, where the flowId request parameter is not adequately validated before it is written into the response. A crafted value lets an attacker inject arbitrary JavaScript into the page: a classic client-side injection (cross-site scripting) that undermines the trust users place in the application. Note that "problematic" is VulDB's lowest severity class (below "critical" and "very critical"): the flaw is real and remotely triggerable, but it only does damage when a victim's browser processes attacker-controlled content, so administrators should schedule remediation promptly rather than treat it as equivalent to a server-side code execution bug.
Exploitation is remote: no physical or network-local access is needed, only reachability of the application and a way to get a logged-in user to load the crafted request. The flowId parameter is the attack surface. Its value is rendered into the page without proper sanitization or output encoding, so an injected script runs in the victim's browser within the application's origin. From there the attacker can use the victim's authenticated session (reading the session cookie where it lacks HttpOnly, or simply issuing requests as the victim), capture credentials through injected forms, or perform actions on the victim's behalf. The root cause is the absence of the two controls that established practice requires here: validation of flowId against the format an identifier is expected to have, and context-aware encoding of the value wherever it is written into HTML.
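The following is an added example, not code from ESAFENET CDG or from VulDB. Because the source of /todolistjump.jsp is not on this page, it models the reflection in Python with a constructed HTML template and a constructed payload; the allowlist for flowId is an assumption about what a flow identifier looks like. It shows the verbatim echo that produces the XSS, the effect of HTML output encoding alone, and the hardened form that validates first and encodes second.

```python
import html
import re

# Constructed stand-in for a JSP page that writes a request parameter back into
# its HTML; the real /todolistjump.jsp template is not public on this page.
PAGE_TEMPLATE = '<a href="/todolist.jsp?flowId={flow}">Open flow {flow}</a>'

# Assumed allowlist for a flow identifier: short, alphanumeric plus '_' and '-'.
FLOW_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed payload: closes the href attribute, then injects a script element.
XSS_PAYLOAD = '"><script>alert(1)</script>'


def render_vulnerable(flow_id: str) -> str:
    """The CWE-79 pattern: the parameter is echoed verbatim into HTML."""
    return PAGE_TEMPLATE.format(flow=flow_id)


def render_encoded(flow_id: str) -> str:
    """Output encoding only: the browser displays the payload as text."""
    return PAGE_TEMPLATE.format(flow=html.escape(flow_id, quote=True))


def render_hardened(flow_id: str) -> str:
    """Allowlist validation first, then encoding for the HTML context.

    Encoding alone already stops markup injection; the allowlist additionally
    rejects anything not shaped like an identifier, so probes never reach the
    template and are easy to log as attack attempts.
    """
    if not FLOW_ID_RE.fullmatch(flow_id):
        raise ValueError("flowId rejected: unexpected characters or length")
    return PAGE_TEMPLATE.format(flow=html.escape(flow_id, quote=True))


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(XSS_PAYLOAD))
    print("encoded:   ", render_encoded(XSS_PAYLOAD))
    try:
        render_hardened(XSS_PAYLOAD)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("legit:     ", render_hardened("1001"))
```

The encoded variant is the minimum fix; `html.escape` is correct for the HTML body and quoted-attribute contexts used in the template, but a value placed into a JavaScript block or an unquoted attribute would need the encoder for that context instead.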
The operational impact goes beyond a single script execution. A user who opens a crafted link while logged in exposes their authenticated session to the attacker's script, which can act as that user, exfiltrate any data the user can see, and rewrite the page to harvest credentials. A public exploit has been disclosed, so there is no remaining obscurity advantage: anyone can reproduce the attack from the published details. Organizations running ESAFENET CDG V5 should assume that links targeting their users are practical, and that a compromised session can expose the sensitive information processed through the application.
Because the vendor did not respond to the disclosure, no official fix can be assumed; organizations should check with ESAFENET for an update and, in the meantime, apply compensating controls: validate flowId against the expected identifier format (an allowlist, not a blocklist of tags), HTML-encode the value wherever it is written into the response, and deploy a Content Security Policy whose script-src does not contain 'unsafe-inline', so that injected inline scripts are blocked by the browser. A web application firewall rule that rejects flowId values containing markup or script fragments is a reasonable stopgap, as is restricting the application to internal networks or VPN access. In CWE terms this is CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting'). The ATT&CK mapping should be stated correctly: delivering the crafted link to a victim is T1566 (Phishing, an Initial Access technique, not Credential Access); the resulting script execution in the browser is T1059.007 (Command and Scripting Interpreter: JavaScript, an Execution technique, not Command and Control); and exploitation of the browser through the vulnerable page matches T1189 (Drive-by Compromise). Review web server logs for flowId values that are not plain identifiers, and include parameter-reflection tests for this and similar pages in penetration testing. The public availability of exploit details raises the urgency of all of these steps.
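As an added example of the log review suggested above (not tooling from VulDB or ESAFENET), the script below scans combined-format web server log lines for requests to /todolistjump.jsp whose flowId is not a plain identifier or contains injection markers. The log lines are constructed for illustration, and the identifier allowlist is an assumption to adjust to the real format.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample in combined log format; not real traffic from any deployment.
SAMPLE_LOG = """\
203.0.113.5 - - [14/May/2025:10:01:02 +0000] "GET /todolistjump.jsp?flowId=1001 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [14/May/2025:10:01:07 +0000] "GET /todolistjump.jsp?flowId=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.2 - - [14/May/2025:10:02:11 +0000] "GET /todolistjump.jsp?flowId=1002%27%20onmouseover%3Dalert(1)%20x%3D%27 HTTP/1.1" 200 600 "-" "curl/8.0"
198.51.100.3 - - [14/May/2025:10:03:00 +0000] "GET /login.jsp HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Assumed shape of a legitimate flowId (adjust to the real identifier format).
FLOW_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Common markers of HTML/JavaScript injection: tags, javascript: URLs, event handlers.
XSS_MARKERS = re.compile(r"<\s*/?\s*[a-z]+|javascript:|\bon[a-z]+\s*=", re.I)

VULNERABLE_PATH = "/todolistjump.jsp"


def suspicious_requests(log_text: str) -> list:
    """Return requests to the vulnerable page whose flowId is not a plain identifier.

    Each value gets two checks: the identifier allowlist, and a search for
    injection markers after an extra round of percent decoding, which catches
    double-encoded payloads that a naive filter on the raw query would miss.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULNERABLE_PATH:
            continue
        # parse_qs already percent-decodes once; unquote() handles double encoding.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("flowId", []):
            value = unquote(raw)
            reasons = []
            if not FLOW_ID_RE.fullmatch(value):
                reasons.append("not an identifier")
            if XSS_MARKERS.search(value):
                reasons.append("injection markers")
            if reasons:
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "flowId": value, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} flowId={hit["flowId"]!r} ({", ".join(hit["reasons"])})')
```

The allowlist check is the more reliable of the two signals: the marker regex will miss obfuscated payloads, but any value that is not shaped like an identifier is worth a look regardless of what it contains. A 200 response to such a request, as in the sample, is exactly what a reflected XSS attempt looks like from the server side.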