PatchSiren cyber security CVE debrief
CVE-2025-11950 KNOWHY Advanced Technology Trading Ltd. Co. CVE debrief
CVE-2025-11950 is a Reflected XSS vulnerability in EduAsist by KNOWHY Advanced Technology Trading Ltd. Co. The issue affects EduAsist versions before v2.1.
- Vendor
- KNOWHY Advanced Technology Trading Ltd. Co.
- Product
- EduAsist
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-27
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-02-27
- Advisory updated
- 2026-06-04
Who should care
Users of EduAsist versions before v2.1 should apply patches or mitigations to prevent Reflected XSS attacks.
Technical summary
CVE-2025-11950 has a CVSS score of 6.3 and is classified as MEDIUM severity. The vulnerability is caused by improper neutralization of input during web page generation, allowing for Reflected XSS attacks.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to EduAsist version v2.1 or later.
- Implement input validation and sanitization to prevent Reflected XSS attacks.
- Review and update security configurations to ensure proper neutralization of input during web page generation.
Evidence notes
The CVE-2025-11950 vulnerability was published on 2026-02-27T13:16:01.953Z and modified on 2026-06-04T20:16:56.023Z.
Official resources
-
CVE-2025-11950 CVE record
CVE.org
-
CVE-2025-11950 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
CVE-2025-11950 was published on 2026-02-27T13:16:01.953Z and modified on 2026-06-04T20:16:56.023Z.