CVE-2025-57462

MEDIUM

machpanel 8.0.32 - Stored Cross-Site Scripting via Crafted PDF File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-57462. PoCs published by aljoharasubaie.

AI-analyzed exploit summary This repository describes a stored XSS vulnerability in MachPanel 8.0.32 via malicious PDF file upload. The exploit involves uploading a PDF with XSS scripts in its metadata, which executes when accessed.

Description

Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.

Exploits (1)

nomisec WRITEUP

by aljoharasubaie · poc

https://github.com/aljoharasubaie/CVE-2025-57462

View Code ZIP pw:eip

This repository describes a stored XSS vulnerability in MachPanel 8.0.32 via malicious PDF file upload. The exploit involves uploading a PDF with XSS scripts in its metadata, which executes when accessed.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MachPanel 8.0.32

Auth required

Prerequisites: Access to the ticket submission page · Ability to upload a malicious PDF file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/aljoharasubaie/CVE-2025-57462/blob/main/README.md

View Writeup ZIP pw:eip

Product

https://www.machsol.com/

Scores

CVSS v3 6.1

EPSS 0.0015

EPSS Percentile 4.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

machsol/machpanel 8.0.32

Published Dec 29, 2025

Tracked Since Feb 18, 2026