PatchSiren cyber security CVE debrief
CVE-2025-6397 Ankara Hosting Website Design CVE debrief
CVE-2025-6397 is a HIGH severity vulnerability with a CVSS score of 8.6. It is an Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software, allowing Reflected XSS. This issue affects Website Software through version 03022026. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor
- Ankara Hosting Website Design
- Product
- Website Software
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-03
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-02-03
- Advisory updated
- 2026-06-05
Who should care
Users of Website Software through version 03022026 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
CVE-2025-6397 is a Reflected XSS vulnerability in Website Software. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches or updates to Website Software to prevent exploitation of this vulnerability.
- Implement additional security measures such as input validation and output encoding to prevent similar vulnerabilities.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2025-6397 was published on 2026-02-03T13:15:53.457Z and modified on 2026-06-05T15:16:42.353Z.