CVE-2025-25620

MEDIUM

Unifiedtransform 2.0 - Cross-Site Scripting in Create Assignment Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25620. PoCs published by armaansidana2003.

AI-analyzed exploit summary: This repository provides a writeup for CVE-2025-25620, detailing a Stored XSS vulnerability in Unifiedtransform v2.0. The exploit involves uploading a malicious PDF file via the 'Create Assignment' function, which executes when viewed.

Description

Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.

Exploits (1)

nomisec WRITEUP
by armaansidana2003 · poc
https://github.com/armaansidana2003/CVE-2025-25620

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Unifiedtransform v2.0
Auth required
Prerequisites: Teacher account access · Ability to upload assignments
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0052
EPSS Percentile: 39.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): changeweb/unifiedtransform 2.0
Published: Mar 10, 2025
Tracked Since: Feb 18, 2026