Cross-Site Scripting Vulnerability in Logo Cloud by Logo Software Inc.
CVE-2025-0607

4.3MEDIUM

Key Information:

Vendor

Logo Software Inc.

Status
Logo Cloud
Vendor
CVE Published:
6 October 2025

What is CVE-2025-0607?

A Cross-Site Scripting (XSS) vulnerability exists in Logo Cloud by Logo Software Inc., primarily affecting versions prior to 2.57. This flaw allows attackers to inject malicious scripts into web pages viewed by users, which can facilitate phishing attacks. By exploiting this vulnerability, an attacker could potentially manipulate user sessions or redirect users to malicious websites, posing a significant security risk.

Affected Version(s)

Logo Cloud 0 < 2.57

References

https://www.usom.gov.tr/bildirim/tr-25-0318

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Berat ARSLAN
JSON
.
CVE-2025-0607 : Cross-Site Scripting Vulnerability in Logo Cloud by Logo Software Inc.