Reflected Cross-Site Scripting Vulnerability in Sunnet's eHRD Product
CVE-2025-9567

5.1MEDIUM

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-9567?

Sunnet's eHRD product contains a Reflected Cross-Site Scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript code into user sessions. This vulnerability can be exploited through targeted phishing attacks, enabling attackers to bypass security measures and manipulate user interactions. Implementing recommended patches and user awareness programs are essential steps in mitigating this risk.

Affected Version(s)

eHRD CTMS 0

References

https://www.twcert.org.tw/tw/cp-132-10356-ea431-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10357-7de41-2.html

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Aug 28, 2025

CVE-2025-9567 Data

JSON