Cross-Site Scripting Vulnerability in Zirve Nova by Zirve Information Technologies
CVE-2025-0419

4.7MEDIUM

Key Information:

Vendor: Zirve Information Technologies Inc.
Status: Zirve Nova
Vendor: CVE Published:; 17 September 2025

🔔 Create Zirve Information Technologies Inc. Vulnerability Alert

What is CVE-2025-0419?

A Cross-Site Scripting (XSS) vulnerability has been identified in Zirve Nova, a product by Zirve Information Technologies. This issue arises from improper sanitization of user input during web page generation, potentially allowing an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability affects versions 235 up to and including 20250131, which may result in unauthorized access to sensitive data or execution of harmful actions on behalf of unsuspecting users.

Affected Version(s)

Zirve Nova 235 <= 20250131

References

https://www.usom.gov.tr/bildirim/tr-25-0260

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jan 13, 2025

Credit

Berat ARSLAN