Cross-Site Scripting Vulnerability in Demtec Graphytics Visualization Tool
CVE-2025-3613

5.1MEDIUM

Key Information:

Vendor
Demtec
Status
Graphytics
Vendor
CVE Published:
15 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A cross-site scripting vulnerability exists in the Demtec Graphytics visualization tool, specifically in version 5.0.7. This security flaw allows attackers to manipulate the 'description' argument within the application, enabling remote execution of potentially harmful scripts. The issue stems from inadequate validation and sanitization of user inputs within the code responsible for rendering visualizations. Despite the vulnerability being disclosed publicly, the vendor has not issued any response or patch to safeguard users against possible exploitation.

Affected Version(s)

Graphytics 5.0.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3613 - Proof of Concept

References

https://vuldb.com/?id.304672
vdb-entrytechnical-description
https://vuldb.com/?ctiid.304672
signaturepermissions-required
https://vuldb.com/?submit.551172
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.