Cross-Site Scripting Vulnerability in Gstarsoft GstarCAD Software
CVE-2025-11137
5.1 MEDIUM
What is CVE-2025-11137?
A cross-site scripting vulnerability has been identified in Gstarsoft GstarCAD, affecting versions up to 9.4.0. The weakness arises from an insecure implementation in the File Renaming Handler component. It can be exploited remotely, potentially allowing an attacker to execute arbitrary scripts in the context of the user's browser. The exploit has been publicly disclosed, so organizations should apply the recommended patch immediately to safeguard their systems.
Affected Version(s)
GstarCAD 9.0
GstarCAD 9.1
GstarCAD 9.2