HTML Injection Vulnerability in HRmaster Module by Evolution Consulting Kft.
CVE-2025-51989

7HIGH

Key Information:

Vendor: Evolution Consulting Kft.
Status: HRmaster
Vendor: CVE Published:; 21 August 2025

🔔 Create Evolution Consulting Kft. Vulnerability Alert

What is CVE-2025-51989?

The HRmaster module from Evolution Consulting Kft. contains an HTML injection vulnerability in its registration interface. Attackers can exploit this flaw by injecting malicious HTML tags into the 'keresztnév' (firstname) field during user registration. This malicious input is then sent out via email, creating a potential phishing risk targeting any previously unregistered email addresses. Organizations using this module should take immediate action to mitigate this vulnerability and safeguard against potential phishing attacks.

References

http://evolution.com

http://hrmaster.com

https://hrmaster.hu/modulok/toborzas-es-kivalasztas

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Jun 16, 2025

CVE-2025-51989 Data

JSON