XSS Vulnerability in SOPlanning by Xceed365
CVE-2025-41001

5.1MEDIUM

Key Information:

Vendor: Soplanning
Status: Soplanning
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-41001?

A Cross Site Scripting (XSS) vulnerability exists in SOPlanning version 1.53.02, stemming from inadequate validation of user input. This issue can be exploited through a crafted POST request to the 'LOGOUT_REDIRECT' parameter in '/soplanning/www/process/options.php'. By leveraging this vulnerability, attackers can potentially trick authenticated users into submitting malformed requests, allowing unauthorized access to their session cookies.

Affected Version(s)

SOPlanning All versions

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Rafael Pedrero

JSON

Soplanning

What is CVE-2025-41001?

Affected Version(s)

References

CVSS V4

Timeline

Credit