CVE-2025-50891 HIGH

CVE-2025-50891

Vendor Adform
Product server-side backend for Site Tracking
Weakness CWE-79 · XSS
Published August 19, 2025
Last update September 18, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software (such as Adform Site Tracking 1.1).

Key dates

02Disclosure timeline

August 19, 2025 CVE published
September 18, 2025 Record updated