Reflected Cross-Site Scripting Vulnerability in Kiwire Captive Portal
CVE-2025-11189

7.3HIGH

Key Information:

Vendor: Synchroweb
Status: Kiwire
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-11189?

The Kiwire Captive Portal is susceptible to a reflected cross-site scripting vulnerability found within the login-url parameter. This flaw permits malicious actors to execute JavaScript code, potentially compromising user sessions and allowing unauthorized access to sensitive information. Users and administrators should take immediate action to patch this vulnerability to safeguard their applications from exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kiwire 3.6

References

https://www.synchroweb.com/release-notes/kiwire/security

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Sep 30, 2025

JSON

Synchroweb