Platform: other
Component: graphlytic-xss-exploits
Fixed in: 5.0.8
A cross-site scripting (XSS) vulnerability has been identified in Demtec Graphytics versions 5.0.7 through 5.0.7. Manipulating the 'description' argument of the /visualization endpoint allows an attacker to inject script into the rendered page. Successful exploitation could lead to session hijacking or other client-side attacks. A fix is available in version 5.0.8.
The XSS vulnerability in Graphytics allows an attacker to inject arbitrary JavaScript code into the application. This code will then be executed in the context of the victim's browser when they access the affected page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The impact is primarily client-side, but could be amplified if the application handles sensitive data or interacts with other systems. The remote nature of the exploit increases the potential attack surface.
This vulnerability was publicly disclosed on April 15, 2025. The vendor was contacted but did not respond. Because the details are public, the flaw is considered readily exploitable. There were no known active campaigns and no KEV listing at the time of writing. The CVSS score is 3.5 (Low).
Exploit Status
EPSS: 0.14% (35th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-3613 is to upgrade Graphytics to version 5.0.8 or later, which contains the fix. If upgrading immediately is not possible, consider implementing input validation and sanitization on the 'description' parameter to prevent malicious script injection. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Thoroughly review and sanitize any user-supplied data before rendering it in the application.
Update to a patched version of Graphytics that resolves the XSS vulnerability. If no version is available, sanitize user inputs in the 'description' parameter to prevent malicious code injection. Contact the vendor for a security patch.
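The two workarounds above (output encoding of the 'description' value, and detecting injected markup in requests to /visualization) as an added example; this is not Graphytics code or a vendor-supplied rule. The log lines are constructed, the request format is assumed to be a plain HTTP request line, and the detection regex is a heuristic that can produce false positives.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Vulnerable pattern: the untrusted 'description' value is concatenated
# straight into the HTML response, so injected markup is rendered as-is.
def render_description_unsafe(description: str) -> str:
    return f"<p class='description'>{description}</p>"

# Hardened pattern: encode for the HTML-body context before rendering.
# quote=True also encodes ' and " so the same helper is safe inside attributes.
def render_description_safe(description: str) -> str:
    return f"<p class='description'>{html.escape(description, quote=True)}</p>"

# Heuristic for a plain-text field that should never carry markup:
# an HTML tag opener, a javascript: URL, or an on*= event-handler attribute.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|javascript:|on\w+\s*=", re.IGNORECASE)

def suspicious_description(request_line: str) -> bool:
    """True when a request targets /visualization with a 'description' query
    value that looks like injected markup. parse_qs removes one layer of
    percent-encoding; unquote strips a second so double-encoding is not missed."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return False
    parts = urlsplit(target)
    if parts.path != "/visualization":
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("description", [])
    return any(SUSPICIOUS.search(unquote(v)) for v in values)

def scan_access_log(lines):
    """Return the request lines that match the heuristic."""
    return [line for line in lines if suspicious_description(line)]

# Constructed sample request lines (not from a real deployment).
SAMPLE_ACCESS_LOG = [
    "GET /visualization?description=Quarterly%20sales%20graph HTTP/1.1",
    "GET /visualization?description=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
    "GET /visualization?description=%3Cb%3Ebold%3C%2Fb%3E HTTP/1.1",
    "GET /dashboard?description=%3Cscript%3E HTTP/1.1",
    "GET /visualization?description=%253Cscript%253E HTTP/1.1",
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG):
        print("flagged:", hit)
```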
CVE-2025-3613 is a cross-site scripting (XSS) vulnerability affecting Graphytics versions 5.0.7–5.0.7. It allows attackers to inject malicious scripts by manipulating the 'description' argument.
Yes, if you are running Graphytics version 5.0.7, you are potentially affected by this vulnerability. Upgrade to 5.0.8 to mitigate the risk.
The recommended fix is to upgrade Graphytics to version 5.0.8 or later. As a temporary workaround, implement input validation and sanitization on the 'description' parameter.
While no active campaigns are confirmed, the vulnerability has been publicly disclosed and may be exploited. Proactive mitigation is recommended.
Refer to the vendor's website or security mailing lists for the official advisory regarding CVE-2025-3613. Contact Demtec directly for more information.