CVE-2025-0607 - Vulnerability Details - OpenCVE

Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Logo Software	Logo Cloud

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0318

History

Mon, 06 Oct 2025 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-79

Mon, 06 Oct 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.	Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.
Weaknesses		CWE-116

Mon, 06 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Logo Software Logo Software logo Cloud
Vendors & Products		Logo Software Logo Software logo Cloud

Mon, 06 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 06 Oct 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.
Title		HTML Injection in Logo Software's Logo Cloud
Weaknesses		CWE-79
References		https://www.usom.gov.tr/bildirim/tr-25-0318
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-10-06T09:14:57.495Z

Updated: 2025-10-06T14:53:33.310Z

Reserved: 2025-01-20T13:52:40.801Z

Link: CVE-2025-0607

Vulnrichment

Updated: 2025-10-06T13:17:41.724Z

NVD

Status : Awaiting Analysis

Published: 2025-10-06T10:15:32.523

Modified: 2025-10-06T15:16:02.380

Link: CVE-2025-0607

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0607", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-20T13:52:40.801Z", "datePublished": "2025-10-06T09:14:57.495Z", "dateUpdated": "2025-10-06T14:53:33.310Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Logo Cloud", "vendor": "Logo Software Inc.", "versions": [{"lessThan": "2.57", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.<p>This issue affects Logo Cloud: before 2.57.</p>"}], "value": "Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57."}], "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "CAPEC-98 Phishing"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-06T14:53:33.310Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0318"}], "source": {"advisory": "TR-25-0318", "defect": ["TR-25-0318"], "discovery": "UNKNOWN"}, "title": "HTML Injection in Logo Software's Logo Cloud", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T13:14:36.371169Z", "id": "CVE-2025-0607", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T13:17:44.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0607", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T13:14:36.371169Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T13:17:41.724Z"}}], "cna": {"title": "HTML Injection in Logo Software's Logo Cloud", "source": {"defect": ["TR-25-0318"], "advisory": "TR-25-0318", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "CAPEC-98 Phishing"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Logo Software Inc.", "product": "Logo Cloud", "versions": [{"status": "affected", "version": "0", "lessThan": "2.57", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0318"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.", "supportingMedia": [{"type": "text/html", "value": "Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.<p>This issue affects Logo Cloud: before 2.57.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-06T14:53:33.310Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0607", "state": "PUBLISHED", "dateUpdated": "2025-10-06T14:53:33.310Z", "dateReserved": "2025-01-20T13:52:40.801Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-10-06T09:14:57.495Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}