CVE-2025-11137

Summary

A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue.

Affected Software

VendorProductVersion RangeStatus
GstarsoftGstarCAD9.0affected
GstarsoftGstarCAD9.1affected
GstarsoftGstarCAD9.2affected
GstarsoftGstarCAD9.3affected
GstarsoftGstarCAD9.4.0affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References