Reflected Cross-site Scripting Vulnerability in WinMatrix3 by Simopro Technology
CVE-2025-7920

6.1MEDIUM

Key Information:

Vendor: Simopro Technology
Status: Winmatrix3 Web Package
Vendor: CVE Published:; 21 July 2025

🔔 Create Simopro Technology Vulnerability Alert

What is CVE-2025-7920?

The WinMatrix3 web package, developed by Simopro Technology, is vulnerable to reflected cross-site scripting attacks. This vulnerability permits unauthenticated remote attackers to inject and execute arbitrary JavaScript code within the user's browser. Exploitation can occur through deceptive phishing tactics, potentially leading to data theft or unauthorized actions within the context of the user's session.

Affected Version(s)

WinMatrix3 Web package 0 <= 1.2.39.5

References

https://www.twcert.org.tw/tw/cp-132-10262-2fcb6-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10267-775be-2.html

third-party-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Jul 21, 2025