Cross-Site Scripting Vulnerability in O2OA Personal Profile Feature
CVE-2025-9718

5.1MEDIUM

Key Information:

Vendor: O2OA
Status: O2oa
Vendor: CVE Published:; 31 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9718?

A security flaw in O2OA allows for cross-site scripting (XSS) via manipulation of the 'name/alias' argument in the Personal Profile Page component. This vulnerability can be exploited remotely, posing serious security risks. The vendor has acknowledged the issue and plans to release a fix in an upcoming version.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

O2OA 10.0-410

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9718 - Proof of Concept

References

https://vuldb.com/?id.322006

vdb-entrytechnical-description

https://vuldb.com/?ctiid.322006

signaturepermissions-required

https://vuldb.com/?submit.637246

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

🟡
Public PoC available
Aug 31, 2025
👾
Exploit known to exist
Aug 31, 2025
Vulnerability published
Aug 31, 2025
Vulnerability Reserved
Aug 30, 2025

Credit

colorfullbz (VulDB User)

JSON

O2OA

Badges

What is CVE-2025-9718?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.