Cross-Site Scripting Vulnerability in Ubit Information Technologies STOYS
CVE-2025-2404

4.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 16 September 2025

What is CVE-2025-2404?

A Cross-Site Scripting (XSS) vulnerability exists in Ubit Information Technologies' STOYS platform, impacting versions from 2 through 20250916. The flaw arises from improper neutralization of user input during web page generation, which enables attackers to inject malicious scripts. Exploiting this vulnerability could lead to unauthorized access and manipulation of user sessions. Given the critical nature of this flaw, users of the affected versions are advised to take immediate action to secure their systems and to monitor the vendor for updates regarding fixes.

Affected Version(s)

STOYS 2 <= 20250916

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hasan Yasin YAŞAR