Code Execution Vulnerability in Orejime Consent Manager by Boscop
CVE-2025-68457

0.6LOW

Key Information:

Vendor

Boscop-fr

Status
Orejime
Vendor
CVE Published:
19 December 2025

What is CVE-2025-68457?

The Orejime consent manager, utilized for handling user consent in an accessible manner, has a vulnerability that permits the execution of malicious JavaScript code through manipulated data attributes. Specifically, in versions before 2.3.2, attackers could inject HTML containing javascript: links, which Orejime mistakenly converts into executable attributes upon user consent confirmation. Although this risk is minimal under typical circumstances, it becomes significant if an attacker gains the ability to insert HTML into pages. The issue has been addressed in version 2.3.2, and user mitigation can be achieved by sanitizing data attributes to eliminate potential script execution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

orejime < 2.3.2

References

https://github.com/boscop-fr/orejime/security/advisories/...
x_refsource_CONFIRM
https://github.com/boscop-fr/orejime/issues/142
x_refsource_MISC
https://github.com/boscop-fr/orejime/pull/143
x_refsource_MISC

CVSS V4

Score:
0.6
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.