HTML Injection Vulnerability in REDCap by Vanderbilt University

CVE-2025-23111

What is CVE-2025-23111?

An issue in REDCap version 14.9.6 permits HTML Injection via the Survey field name, potentially redirecting users to malicious phishing sites. Attackers can exploit this vulnerability to deceive users into clicking on manipulated field names, leading them to compromised URLs. This can facilitate unauthorized actions without the user's knowledge, posing significant security risks.

References