Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-64112

Statmatic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fixed in 5.22.1.

Published: Oct 30, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-64112
GHSA: GHSA-g59r-24g3-h7cm
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
statamic / cms	-	5.22.1

https://github.com/statamic/cms/commit/e513751f433679ce698606e20c554a0c839987c1
https://github.com/statamic/cms/releases/tag/v5.22.1
https://github.com/statamic/cms/security/advisories/GHSA-g59r-24g3-h7cm

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo