CVE-2025-25054

Publication date 19 February 2025

Last updated 19 February 2025

Ubuntu priority

Description

Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user.

Status

Show unmaintained releases

Package	Ubuntu Release	Status

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-25054
https://jvn.jp/en/jp/JVN48742353/
https://www.movabletype.org/news/2025/02/mt-842-released.html