Unrated severity · NVD Advisory · Published Dec 12, 2025 · Updated Jan 8, 2026
Software Acquisition Guide Supplier Response Web Tool XSS
CVE-2025-67634
Description
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would execute in the context of the user's browser when the user submits the page (clicks 'Next').
Affected products
- (no CPE)
- (no CPE), range: 0
References
- raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-345-01.json (mitre, government-resource, third-party-advisory)
- www.cisa.gov/software-acquisition-guide/tool (mitre, product)
- www.cve.org/CVERecord (mitre)