Cross-Site Scripting Vulnerability in BlueSpice by Hallo Welt! GmbH
CVE-2025-58114

5.9MEDIUM

Key Information:

Vendor: Hallo Welt! Gmbh
Status: Bluespice
Vendor: CVE Published:; 19 September 2025

🔔 Create Hallo Welt! Gmbh Vulnerability Alert

What is CVE-2025-58114?

An improper input validation vulnerability exists in the CognitiveProcessDesigner extension of BlueSpice by Hallo Welt! GmbH, potentially allowing attackers to inject malicious scripts into web pages accessed by users. This flaw affects BlueSpice versions 5.0 through 5.1.1, posing a risk to data integrity and user security. Proper validation mechanisms should be implemented to mitigate such vulnerabilities.

Affected Version(s)

BlueSpice 5 <= 5.1.1

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advi...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 18, 2025