CVE-2025-69140 SeventhQueen CVE debrief

Who should care

Administrators and users of SweetDate Core versions before 1.1.5 should be aware of this vulnerability and take immediate action to update to a patched version. Additionally, security teams and IT professionals responsible for maintaining web applications should be aware of this vulnerability and monitor for potential exploitation attempts.

Technical summary

CVE-2025-69140 is a high-severity Unauthenticated Cross Site Scripting (XSS) vulnerability in SweetDate Core versions before 1.1.5. The vulnerability has a CVSS score of 7.1 and is classified as CWE-79. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability can be exploited over the network with low attack complexity and no privileges required. The vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.

Defensive priority

High

Recommended defensive actions

• Update SweetDate Core to version 1.1.5 or later
• Monitor for potential exploitation attempts
• Implement additional security measures such as input validation and output encoding
• Conduct regular security audits and vulnerability assessments
• Keep software and plugins up-to-date
• Use a web application firewall to detect and prevent attacks

Evidence notes

The vulnerability was reported by Patchstack and is classified as CWE-79. The CVSS score and vector were provided by the NVD. The vulnerability is considered high-severity due to its potential for exploitation and impact on affected systems.

Official resources