CVE-2025-27825: XSS
Published Mar 7, 2025
An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.
Affected Software
2 affected components
Backdrop CMS < 1.x-1.0.3
Bootstrap 5 Lite theme < 1.0.3
Event History
Mar 7, 2025
CVE Published
via MITRE · 12:00 AM
Data Sourced
via MITRE · 12:00 AM
Description, Severity, Weakness
Data Sourced
via NVD · 10:15 PM
Description, Severity, Weakness
Nov 18, 57181
Event
via FIRST · 01:01 PM
Frequently Asked Questions
1. What is the severity of CVE-2025-27825?
CVE-2025-27825 has been assigned a high severity rating due to its potential to allow reflected cross-site scripting (XSS) attacks.
2. How do I fix CVE-2025-27825?
To fix CVE-2025-27825, upgrade to Backdrop CMS version 1.x-1.0.3 or later.
3. What specific issue does CVE-2025-27825 address?
CVE-2025-27825 addresses an XSS vulnerability in the Bootstrap 5 Lite theme that fails to properly sanitize dynamic class names.
4. Who is affected by CVE-2025-27825?
CVE-2025-27825 affects users of the Bootstrap 5 Lite theme in Backdrop CMS versions before 1.x-1.0.3.
5. Are there any workarounds for CVE-2025-27825?
There are no official workarounds for CVE-2025-27825; upgrading is the recommended solution.