Cross Site Scripting Vulnerability in ZrLog Theme Configuration Form by ZrLog
CVE-2025-9591

4.8MEDIUM

Key Information:

Vendor

ZrLog

Status
Zrlog
Vendor
CVE Published:
28 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9591?

A security vulnerability has been identified in the ZrLog application, specifically within the Theme Configuration Form component. This issue arises from improper handling of the 'footerLink' argument in the /api/admin/template/config file, which allows attackers to execute cross site scripting (XSS) attacks. The vulnerability can be exploited remotely, enabling malicious users to inject arbitrary scripts into web pages viewed by other users. Despite early disclosure of the issue to the vendor, there has been no response, highlighting the urgency for users to consider their security measures and monitor their systems for any potential exploitation.

Affected Version(s)

ZrLog 3.1.0

ZrLog 3.1.1

ZrLog 3.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9591 - Proof of Concept

References

https://vuldb.com/?id.321765
vdb-entrytechnical-description
https://vuldb.com/?ctiid.321765
signaturepermissions-required
https://vuldb.com/?submit.636176
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

SaaS5SaaS (VulDB User)
.
CVE-2025-9591 : Cross Site Scripting Vulnerability in ZrLog Theme Configuration Form by ZrLog