Cross-Site Scripting Vulnerability in Logo Cloud by Logo Software Inc.
CVE-2025-0609

4.7MEDIUM

Key Information:

Vendor: Logo Software Inc.
Status: Logo Cloud
Vendor: CVE Published:; 6 October 2025

🔔 Create Logo Software Inc. Vulnerability Alert

What is CVE-2025-0609?

A vulnerability exists in Logo Cloud, developed by Logo Software Inc., which allows for Cross-Site Scripting (XSS) attacks due to improper neutralization of input during web page generation. This flaw can enable attackers to inject malicious scripts into web pages viewed by other users, potentially resulting in data theft or session hijacking. The affected version is prior to 1.18, and it's essential for users to upgrade to a secure version or implement mitigation strategies to safeguard against this attack vector.

Affected Version(s)

Logo Cloud 0 < 1.18

References

https://www.usom.gov.tr/bildirim/tr-25-0318

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Jan 20, 2025

Credit

Berat ARSLAN

JSON