Reflected Cross-site Scripting Vulnerability in eHRD by Sunnet
CVE-2025-9568

5.1MEDIUM

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-9568?

The eHRD system developed by Sunnet is susceptible to a reflected cross-site scripting vulnerability. This flaw enables unauthenticated attackers to inject and execute arbitrary JavaScript code within a user's browser, putting them at risk of phishing attacks. By exploiting this vulnerability, attackers can manipulate the user's web experience and potentially steal sensitive information. It is crucial for users and administrators of eHRD to be aware of this risk and implement appropriate security measures.

Affected Version(s)

eHRD CTMS 0

References

https://www.twcert.org.tw/tw/cp-132-10356-ea431-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10357-7de41-2.html

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Aug 28, 2025

CVE-2025-9568 Data

JSON