CVE-2025-61872
Description
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mahara before 25.04.2 and 24.04.11 is vulnerable to reflected XSS via unsanitized search queries in the Elasticsearch7 plugin.
Vulnerability Overview
CVE-2025-61872 is a cross-site scripting (XSS) vulnerability in Mahara's 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function fails to properly sanitize user input in the query parameter, allowing an attacker to inject malicious scripts that are executed when search results are displayed [1].
Exploitation
An attacker can craft a malicious search query string containing JavaScript. When a user performs a search or visits a page that displays results from such a query, the injected script runs in the context of the user's browser. No authentication is required to trigger the vulnerability, as the search feature is typically accessible to unauthenticated users. The attack vector is over the network via HTTP requests.
Impact
Successful exploitation could allow an attacker to steal session cookies, perform actions on behalf of the victim, or deface the site. The CVSS v3 score of 6.1 (Medium) reflects the potential for confidentiality and integrity impact, though availability is not affected.
Mitigation
Mahara has released versions 25.04.2 and 24.04.11 to address this issue. The 24.04 branch is now end-of-life for security updates; users are strongly advised to upgrade to 25.04.2 or later [1]. No workarounds are documented.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: before 25.04.2 and before 24.04.11
Patches
No patches discovered yet.
References