CVE-2025-13649 in ZeusWeb
Summary
by MITRE • 02/11/2026
An attacker with access to the web application ZeusWeb of the provider Microcom
(in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the ‘Recover password’ section at the URL: https://zeus.microcom.es:4040/index.html?zeus6=true. This issue affects ZeusWeb: 6.1.31.
Analysis
by VulDB Data Team • 03/17/2026
The vulnerability identified as CVE-2025-13649 represents a critical cross-site scripting flaw within the ZeusWeb application version 6.1.31 deployed by Microcom. This security weakness exists within the password recovery functionality of the web application, specifically in the email parameter handling mechanism. The vulnerability is particularly concerning because it allows unauthenticated attackers to execute malicious JavaScript code within the context of the victim's browser session, potentially compromising user accounts and sensitive data. The attack vector requires minimal prerequisites as the application does not require user registration for the attack to be effective, making it particularly dangerous in environments where public access is permitted.
This vulnerability stems from insufficient input validation and output encoding within the password recovery section of the ZeusWeb application. When users enter email addresses in the recovery form, the application fails to properly sanitize or escape the input before reflecting it back into the page. This missing encoding allows an attacker to inject a JavaScript payload that executes in the browser when the application renders the submitted value. The vulnerability is classified under CWE-79, which specifically addresses cross-site scripting flaws, and aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments or links. The affected URL structure https://zeus.microcom.es:4040/index.html?zeus6=true shows that the vulnerability exists in a publicly accessible web interface that handles user authentication data.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the capability to perform session hijacking, steal authentication tokens, and potentially escalate privileges within the application. An attacker could craft payloads that redirect users to malicious sites, harvest cookies, or even inject additional malicious code that persists across user sessions. The vulnerability affects the entire user base of ZeusWeb 6.1.31, creating a significant risk for organizations relying on this software for their web applications. The fact that the application does not require registration for the attack to succeed means that any user who accesses the password recovery page could become a victim, making this a particularly high-risk vulnerability for public-facing web applications.
Mitigation strategies for CVE-2025-13649 must include immediate implementation of proper input validation and output encoding within the password recovery functionality. Organizations should deploy a content security policy that prevents execution of unauthorized scripts and should sanitize all user inputs before processing. The core fix is to escape or encode every piece of user-supplied data for the HTML context in which it is rendered before it is sent back to the browser; validation of the email field narrows what the application accepts, but it is the output encoding that protects the sink. Additionally, organizations should consider deploying web application firewalls to detect and block suspicious payloads attempting to exploit this vulnerability. Regular security audits and penetration testing should be conducted to identify similar vulnerabilities in other application components, with particular attention to any input fields that handle user data in authentication workflows. The vulnerability also underscores the importance of keeping software components updated and applying security patches promptly to prevent exploitation of known vulnerabilities.
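The validate-then-encode fix described above, as an added Node.js example that is not part of this advisory or of ZeusWeb's own code. ZeusWeb's internals are not public, so the handler names, the message template, the CSP value and the sample inputs are all constructed assumptions; the vulnerable function reproduces only the defect class (unencoded reflection of the email field).

```javascript
// Added illustration of the CWE-79 pattern behind CVE-2025-13649 and its fix.
// Everything below (function names, template, CSP, sample inputs) is assumed;
// it is not ZeusWeb's code.

// Vulnerable pattern: the submitted email is concatenated straight into HTML,
// so any HTML metacharacters in it become part of the page.
function renderRecoveryVulnerable(email) {
  return `<p>If an account exists for ${email}, a recovery link was sent.</p>`;
}

// Encoder for the HTML body / quoted-attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "/": "&#x2F;" };
  return String(value).replace(/[&<>"'/]/g, (ch) => map[ch]);
}

// Input validation: reject anything that is not a plausible address before it
// reaches any sink. This narrows the input; encoding still protects the sink.
const EMAIL_RE = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
function isPlausibleEmail(value) {
  return typeof value === "string" && value.length <= 254 && EMAIL_RE.test(value);
}

// Hardened pattern: validate, then encode for the HTML context being rendered.
function renderRecoveryHardened(email) {
  if (!isPlausibleEmail(email)) {
    return "<p>Please enter a valid email address.</p>";
  }
  return `<p>If an account exists for ${escapeHtml(email)}, a recovery link was sent.</p>`;
}

// Defence in depth: a CSP that refuses inline script even if encoding is ever missed.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Constructed sample inputs: a benign address and a probe with HTML metacharacters.
const benignEmail = "user@example.com";
const probeInput = '"><script>probe()</script>';

// Returns true when the rendered output still carries a raw <script> tag,
// i.e. the check a reviewer would run against the old and new handlers.
function reflectsRawScript(render, input) {
  return render(input).includes("<script>");
}
```

Running `reflectsRawScript` against both handlers with `probeInput` shows the vulnerable one reflecting the tag and the hardened one rejecting the input; `escapeHtml` alone turns the probe into inert entities.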