Reflected Cross-site Scripting Vulnerability in eHRD by Sunnet
CVE-2025-9569

5.1MEDIUM

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-9569?

The eHRD platform developed by Sunnet contains a reflected cross-site scripting vulnerability that allows unauthenticated remote attackers to inject and execute arbitrary JavaScript code in the web browsers of users. This can lead to various malicious activities, including phishing attacks aimed at stealing sensitive information. Users of the eHRD should implement urgent mitigations to safeguard their systems against such threats.

Affected Version(s)

eHRD CTMS 0

References

https://www.twcert.org.tw/tw/cp-132-10356-ea431-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10357-7de41-2.html

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Aug 28, 2025

CVE-2025-9569 Data

JSON