CVE-2025-54856

Publication date 23 October 2025

Last updated 29 October 2025

Ubuntu priority

Description

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.

Status

Show unmaintained releases

Package	Ubuntu Release	Status

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-54856
https://jvn.jp/en/jp/JVN24333679/
https://movabletype.org/news/2025/10/mt-880-released.html
https://www.sixapart.jp/movabletype/news/2025/10/22-1055.html

CVE-2025-54856

Description

Status

References

Other references

Access our resources on patching vulnerabilities