PatchSiren cyber security CVE debrief
CVE-2023-25727 Festo Didactic SE CVE debrief
CVE-2023-25727 is an authenticated cross-site scripting issue in phpMyAdmin’s drag-and-drop import flow. In the supplied advisory corpus, the CVE is associated with Festo Didactic SE MES PC deployments and a vendor replacement path for the affected XAMPP-based component. Organizations should treat this as a browser-side injection risk that can affect logged-in users who handle imports or administration tasks.
- Vendor: Festo Didactic SE
- Product: MES PC
- CVSS: 5.4 (MEDIUM)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-27
- Original CVE updated: 2026-01-27
- Advisory published: 2024-02-27
- Advisory updated: 2026-01-27
Who should care
Administrators and operators of Festo Didactic SE MES PC environments, especially where phpMyAdmin or a bundled XAMPP-based workflow is exposed to authenticated users. Security teams should also review any environment where users can upload .sql files through a drag-and-drop import interface.
Technical summary
The source description states that phpMyAdmin before 4.9.11 and 5.x before 5.2.1 allows an authenticated user to trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. The supplied CSAF advisory links this CVE to Festo Didactic SE MES PC and identifies a vendor remediation path that replaces XAMPP with Factory Control Panel. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, reflecting network reachability, required authentication, and user interaction.
Defensive priority
Medium. Prioritize if the affected import feature is reachable by multiple authenticated users or by privileged operators, since successful exploitation can hijack browser sessions or alter displayed content for other users.
Recommended defensive actions
- Update phpMyAdmin to 4.9.11 or later in the 4.9 line, or 5.2.1 or later in the 5.x line, wherever it is deployed.
- If the vulnerability applies through Festo MES PC, obtain and deploy the current Factory Control Panel version from Festo support as described in the advisory remediation.
- Restrict access to authenticated import and drag-and-drop upload features to the smallest possible user set.
- Review account privileges for users who can upload .sql files and enforce least privilege and strong authentication controls.
- Audit affected systems for unexpected import activity or browser-side anomalies tied to authenticated sessions.
- Use the vendor and CISA advisory references to confirm which installed component version is actually present before planning remediation.
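The version check behind the update guidance above, as an added example that is not part of the advisory or of phpMyAdmin: it maps the two affected ranges the debrief quotes (before 4.9.11, and 5.x before 5.2.1) onto a constructed host inventory so each install is flagged for update, confirmed fixed, or marked as needing version confirmation first. The inventory format, host names and versions are constructed for the example.

```python
"""Triage an inventory of phpMyAdmin installs against the CVE-2023-25727
affected ranges quoted in this debrief: before 4.9.11, and 5.x before 5.2.1.
Added example; the inventory format and host names are constructed."""
import re

FIXED_4_LINE = (4, 9, 11)  # first fixed release in the 4.9 line
FIXED_5_LINE = (5, 2, 1)   # first fixed release in the 5.x line

def parse_version(text):
    """Return (major, minor, patch) from strings like '5.2.0' or '4.9.7-rc1'."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(version):
    """True when the version falls inside either affected range."""
    v = parse_version(version)
    if v[0] <= 4:           # 4.x (and older) is fixed from 4.9.11 onward
        return v < FIXED_4_LINE
    if v[0] == 5:           # 5.x is fixed from 5.2.1 onward
        return v < FIXED_5_LINE
    return False            # later major lines are outside the stated ranges

# Constructed inventory, one "host,component,version" record per line.
SAMPLE_INVENTORY = """\
mes-pc-01,phpmyadmin,4.9.7
mes-pc-02,phpmyadmin,5.2.1
mes-pc-03,phpmyadmin,5.1.3
mes-pc-04,phpmyadmin,
lab-db-09,mysql,8.0.34
"""

def triage(inventory_csv):
    """Map each phpMyAdmin host to 'update', 'ok' or 'unknown' (no version)."""
    result = {}
    for line in filter(str.strip, inventory_csv.splitlines()):
        host, component, version = (f.strip() for f in line.split(",", 2))
        if component.lower() != "phpmyadmin":
            continue        # other components are out of scope for this CVE
        if not version:
            result[host] = "unknown"   # confirm the version before planning
        else:
            result[host] = "update" if is_affected(version) else "ok"
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" correspond to the last action above: confirm the installed component version from the vendor or CISA references before deciding on remediation.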
Evidence notes
The supplied source corpus is a CISA CSAF advisory (ICSA-26-027-02) published on 2024-02-27, with later administrative revisions including a 2026 republication date; those later timestamps are not the CVE’s original publication date. The advisory text explicitly describes the phpMyAdmin .sql drag-and-drop XSS condition and lists a remediation that replaces XAMPP with Factory Control Panel for MES PCs. The corpus also provides the CVSS vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, and no KEV or active-threat enrichment is supplied.
Official resources
- CVE-2023-25727 CVE record (CVE.org)
- CVE-2023-25727 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the supplied source advisory on 2024-02-27. The record later shows administrative revisions and a 2026 CISA republication, but the original CVE publication date in this dataset remains 2024-02-27.