{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T20:38:35.276","vulnerabilities":[{"cve":{"id":"CVE-2025-25054","sourceIdentifier":"vultures@jpcert.or.jp","published":"2025-02-19T06:15:22.010","lastModified":"2025-02-19T06:15:22.010","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user."},{"lang":"es","value":"El tipo móvil contiene una vulnerabilidad Cross-Site Scripting Reflejado en la página Editar información del usuario. Cuando se habilita el complemento de autenticación de factores multifactores y un usuario accede a una página manipulado mientras se registra al producto afectado, se puede ejecutar un script arbitrario en el navegador web del usuario."}],"metrics":{"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https:\/\/jvn.jp\/en\/jp\/JVN48742353\/","source":"vultures@jpcert.or.jp"},{"url":"https:\/\/www.movabletype.org\/news\/2025\/02\/mt-842-released.html","source":"vultures@jpcert.or.jp"}]}}]}