CVE-2025-27102

Public Exploit
Agate vulnerable to HTML injection in user signup - Administrator phishing risk

Description

Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Version 3.3.0 fixes the issue.
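The pattern the advisory describes, as an added example that is not Agate's code: a signup notification built by interpolating the registrant's first and last name straight into an HTML e-mail template (the pre-3.3.0 behaviour), beside a hardened version that HTML-escapes every untrusted field, plus two checks a practitioner can run at the signup boundary and on the rendered body. The template, field names, the `attacker.example` link and the sample request are all constructed here for illustration and are not taken from OBiBa's source or the advisory.

```python
"""HTML injection in a signup notification e-mail: vulnerable vs. hardened rendering.

Added example, not OBiBa Agate code. Assumptions (not from the advisory): the
admin e-mail is produced by string-formatting the names into an HTML template,
and the fix is to escape (or reject) markup in those fields before rendering.
"""
import html
import re
from dataclasses import dataclass


@dataclass
class SignupRequest:
    first_name: str
    last_name: str
    email: str


# Constructed template standing in for the admin "new account request" e-mail.
TEMPLATE = (
    "<html><body>"
    "<p>A new user requested an account:</p>"
    "<p><b>Name:</b> {first} {last}<br>"
    "<b>Email:</b> {email}</p>"
    "</body></html>"
)

# Tags the template itself emits; anything else in the output came from user input.
TEMPLATE_TAGS = {"html", "body", "p", "b", "br"}

_TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9-]*)")
_MARKUP_CHARS_RE = re.compile(r"[<>&\"']")


def render_vulnerable(req: SignupRequest) -> str:
    """'Before' behaviour: untrusted names are inserted into the HTML body verbatim."""
    return TEMPLATE.format(first=req.first_name, last=req.last_name, email=req.email)


def render_hardened(req: SignupRequest) -> str:
    """'After' behaviour: every user-controlled field is HTML-escaped before insertion.

    html.escape(quote=True) converts < > & " ' to entities, so injected tags and
    attributes are shown as literal text in the mail client instead of rendered.
    """
    return TEMPLATE.format(
        first=html.escape(req.first_name, quote=True),
        last=html.escape(req.last_name, quote=True),
        email=html.escape(req.email, quote=True),
    )


def is_plausible_name(value: str, max_len: int = 100) -> bool:
    """Input-side check: a person's name should never carry markup characters.

    Defence in depth only; output escaping in render_hardened() is the real fix.
    """
    return 0 < len(value) <= max_len and _MARKUP_CHARS_RE.search(value) is None


def unexpected_tags(rendered_body: str) -> set:
    """Output-side check: tag names present in the body that the template did not emit.

    Useful as a regression test on the mail body before it is handed to the mailer.
    """
    found = {m.group(1).lower() for m in _TAG_RE.finditer(rendered_body)}
    return found - TEMPLATE_TAGS


# Constructed malicious signup: the "first name" is a phishing link aimed at admins.
ATTACKER_REQUEST = SignupRequest(
    first_name='<a href="https://attacker.example/login">Reset your admin password</a>',
    last_name="Smith",
    email="someone@example.org",
)

if __name__ == "__main__":
    print("vulnerable body injects tags:", unexpected_tags(render_vulnerable(ATTACKER_REQUEST)))
    print("hardened body injects tags:  ", unexpected_tags(render_hardened(ATTACKER_REQUEST)))
    print("name passes input check:     ", is_plausible_name(ATTACKER_REQUEST.first_name))
```

The point of running both checks is that they catch different failures: `is_plausible_name` stops the payload at registration time, while `unexpected_tags` on the rendered body catches any template path that forgot to escape, which is the class of bug fixed in Agate 3.3.0.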

CVSS

Score: 5.4 (CVSS 4.0)
Severity: Medium
EPSS: 0.22%
Affected: OBiBa Agate, versions prior to 3.3.0

Frequently Asked Questions

What is the severity of CVE-2025-27102?
CVE-2025-27102 has been scored as a medium severity vulnerability (CVSS 4.0 base score 5.4).
How to fix CVE-2025-27102?
To fix CVE-2025-27102, upgrade Agate to version 3.3.0 or later, which the vendor states fixes the issue; confirm the exact release in the vendor release notes. As of now, there are no other specific guidelines available. Until the upgrade is applied, administrators should treat links and formatting in Agate account-request notification e-mails with suspicion, since the body of those e-mails can contain markup supplied by an unauthenticated registrant.
Is CVE-2025-27102 being actively exploited in the wild?
There is no public information indicating active exploitation of CVE-2025-27102, although exploitation in the future cannot be ruled out. Its EPSS score of 0.22% corresponds to a low estimated probability (roughly 0.2%) that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-27102?
CVE-2025-27102 affects OBiBa Agate in versions prior to 3.3.0.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.