Security Advisory
CVE-2025-13127 (XSS Vulnerability)

Date Published: 12 December 2025
CVE ID: CVE-2025-13127
Severity: Low (CVSS 3.5)

Executive Summary

A security vulnerability has been identified in the GOLDENHORN application involving Cross-Site Scripting (XSS). This issue arises from the improper neutralisation of input during web page generation.

While the severity is classified as Low, we take all security matters seriously. Our team has released a patch to address this behaviour, and we recommend that users update their software to maintain the highest security standards.

Affected Products and Versions

This vulnerability affects the following versions of GOLDENHORN:

  • Versions prior to v4.25.1121.1 (v0 to v4.25.1121.0).

Remediation (Solution)

The issue has been resolved in GOLDENHORN v4.25.1121.1.

We advise all customers and system administrators to upgrade to v4.25.1121.1 (or the latest available version) at their earliest convenience.

  • For SaaS Users: No action is required; the patch has been applied automatically.
  • For On-Premise Users: Please download the latest update from the [Download Centre/Customer Portal] and follow the standard upgrade procedures.

Technical Details

  • Vulnerability Type: CWE-79: Improper Neutralisation of Input During Web Page Generation (XSS).
  • CVSS Score: 3.5 (Low).
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
    • Note: Exploitation requires an attacker who already holds low privileges on the application (PR:L) and depends on interaction from a victim user (UI:R), which significantly mitigates the risk in standard operating environments.

USOM: https://www.usom.gov.tr/bildirim/tr-25-0441
CVE: https://www.cve.org/CVERecord?id=CVE-2025-13127