CVE-2025-67906

MEDIUM

MISP < 2.5.28 - Cross-Site Scripting in Workflow Execution Path

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-67906. PoCs published by franckferman.

AI-analyzed exploit summary This repository contains a functional Python-based exploit for CVE-2025-67906, a stored XSS vulnerability in MISP 2.5.27. The exploit demonstrates multiple payload modes, including alert boxes, console logging, and data exfiltration, leveraging the vulnerability in workflow trigger names.

Description

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Exploits (1)

nomisec WORKING POC 2 stars
by franckferman · poc
https://github.com/franckferman/CVE-2025-67906

This repository contains a functional Python-based exploit for CVE-2025-67906, a stored XSS vulnerability in MISP 2.5.27. The exploit demonstrates multiple payload modes, including alert boxes, console logging, and data exfiltration, leveraging the vulnerability in workflow trigger names.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: MISP 2.5.27
Auth required
Prerequisites: Valid MISP API key · Access to MISP instance · Ability to create workflows
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 5.4
EPSS 0.0027
EPSS Percentile 18.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
misp/misp < 2.5.28
Published Dec 15, 2025
Tracked Since Feb 18, 2026