Platform: other
Component: paymentsafe
Fixed in: 2.5.27
A cross-site scripting (XSS) vulnerability has been identified in Eastnets PaymentSafe version 2.5.26.0. The flaw allows remote attackers to inject malicious scripts, potentially compromising user sessions and data integrity. It affects an unspecified part of the BIC Search component. Updating to version 2.5.27.0 resolves the issue.
Successful exploitation of CVE-2025-1337 allows an attacker to execute arbitrary JavaScript within the context of a user's browser session on the PaymentSafe system. This could lead to the theft of sensitive information, such as login credentials or financial data. Attackers could also redirect users to malicious websites or deface the PaymentSafe interface. The impact is amplified if PaymentSafe is integrated with other systems, since the attacker could potentially leverage the vulnerability to reach those systems as well.
CVE-2025-1337 was publicly disclosed on 2025-02-16. No public proof-of-concept (PoC) code had been released at the time of writing. The CVSS score of 3.5 (LOW) indicates a low-severity issue, but the potential impact warrants prompt remediation. The vulnerability is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.04% (12th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-1337 is to upgrade Eastnets PaymentSafe to version 2.5.27.0 or later. If an immediate upgrade is not feasible, implement strict input validation and context-aware output encoding on the BIC Search component so that user-supplied search terms cannot be reflected as script. A web application firewall (WAF) configured to detect and block XSS attacks adds a further layer of defense. Regularly review the PaymentSafe configuration for misconfigurations that could make the vulnerability easier to exploit.
Update Eastnets PaymentSafe to version 2.5.27.0 or higher. This update corrects the cross-site scripting (XSS) vulnerability in the BIC search function and mitigates the risk of malicious scripts executing in users' browsers.
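The interim mitigation above (input validation plus output encoding on the BIC search) is illustrated by the following added example. It is not Eastnets code and assumes a hypothetical search handler `search_bic` that reflects the query term into an HTML page; the directory contents are constructed sample data.

```python
import html
import re

# ISO 9362 BIC: 4-letter bank code, 2-letter country, 2-char location,
# optional 3-char branch (8 or 11 characters in total).
BIC_PATTERN = re.compile(r"^[A-Z]{6}[A-Z0-9]{2}(?:[A-Z0-9]{3})?$")


def is_valid_bic(term: str) -> bool:
    """Allow-list check at the input boundary: anything that is not a full BIC is rejected."""
    return bool(BIC_PATTERN.fullmatch(term.strip().upper()))


def render_results_unsafe(term: str, hits: list[str]) -> str:
    """The pattern that produces reflected XSS: the search term is echoed verbatim."""
    rows = "".join(f"<li>{h}</li>" for h in hits)
    return f'<input name="q" value="{term}"><p>Results for {term}</p><ul>{rows}</ul>'


def render_results_safe(term: str, hits: list[str]) -> str:
    """Hardened form: every untrusted value is HTML-encoded for the context it lands in."""
    q = html.escape(term, quote=True)  # quote=True also encodes " and ' for the attribute context
    rows = "".join(f"<li>{html.escape(h, quote=True)}</li>" for h in hits)
    return f'<input name="q" value="{q}"><p>Results for {q}</p><ul>{rows}</ul>'


def search_bic(term: str, directory: dict[str, str]) -> str:
    """Hypothetical BIC search handler: validate first, and encode on output regardless."""
    if not is_valid_bic(term):
        # Reject rather than search; the echoed term still passes through the encoder.
        return render_results_safe(term, [])
    key = term.strip().upper()
    hits = [f"{key} {directory[key]}"] if key in directory else []
    return render_results_safe(term, hits)


# Constructed sample directory, not real BIC data.
SAMPLE_DIRECTORY = {"DEUTDEFF": "Example Bank, Frankfurt", "BNPAFRPPXXX": "Example Bank, Paris"}

if __name__ == "__main__":
    probe = '"><b>not a bic</b>'  # constructed input that breaks out of the value attribute
    print(render_results_unsafe(probe, []))  # markup survives: the attribute is closed early
    print(render_results_safe(probe, []))    # markup is neutralised: &quot;&gt;&lt;b&gt;...
    print(search_bic("deutdeff", SAMPLE_DIRECTORY))
```

Validation alone is not sufficient: `render_results_safe` encodes even the rejected term, so a validator bypass still cannot reach the browser as markup.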
CVE-2025-1337 is a cross-site scripting (XSS) vulnerability affecting Eastnets PaymentSafe version 2.5.26.0, allowing remote attackers to inject malicious scripts.
If you are using Eastnets PaymentSafe version 2.5.26.0, you are potentially affected by this vulnerability. Upgrading is recommended.
The recommended fix is to upgrade to version 2.5.27.0 or later. Consider input validation and WAF rules as interim measures.
There is no confirmed active exploitation of CVE-2025-1337 at this time, but the potential for exploitation exists.
Please refer to the Eastnets security advisory for detailed information and updates regarding CVE-2025-1337.