Reflected XSS Vulnerability in SMSEagle Software by SMSEagle
CVE-2025-59715

4.8MEDIUM

Key Information:

Vendor: Smseagle
Status: Smseagle
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-59715?

SMSEagle software, prior to version 6.11, is susceptible to a reflected XSS vulnerability. This flaw occurs when an attacker can manipulate user input, such as a username or contact phone number. If exploited, this vulnerability allows unauthorized scripts to be executed within a user's browser session, potentially compromising sensitive information or facilitating further attacks.

Affected Version(s)

SMSEagle 0 < 6.11

References

https://www.smseagle.eu/security-advisory/resolved-xss-in...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 19, 2025

Smseagle

What is CVE-2025-59715?

Affected Version(s)

References

CVSS V3.1

Timeline