CVE-2025-62499 MEDIUM

Vendor: Six Apart Ltd.
Product: Movable Type (Software Edition)
Weakness: CWE-79 · XSS
Published: October 23, 2025
Last update: October 23, 2025

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Movable Type contains a stored cross-site scripting vulnerability in the Edit CategorySet of ContentType page. If crafted input is stored by an attacker with the "ContentType Management" privilege, an arbitrary script may be executed in the web browser of the user who accesses the Edit CategorySet of ContentType page.

Key dates

02 Disclosure timeline

October 23, 2025: CVE published
October 23, 2025: Record updated