theinfosecnews

CVE-2025-58920

Published April 10, 2026 · Updated April 10, 2026

CVSS 7.1 (High)

What This Means

CVE-2025-58920 is a high-severity reflected cross-site scripting (XSS) vulnerability in Zootemplate Cerato (versions through 2.2.18). The flaw lets an attacker inject malicious scripts into web pages viewed by users, potentially compromising their data or session information. To mitigate this risk, upgrade to Zootemplate Cerato version 2.2.19 or later and implement input validation and sanitization for user-generated content.

Official Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18.

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. Monitor vendor advisories for updates and additional mitigations.
  4. Review logs for indicators of compromise related to CVE-2025-58920.
