CVE-2025-51989: HTML injection vulnerability in the registration interface in Evolution Consulting Kft.
HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) field, which will be sent out in an email resulting in possible Phishing scenarios against any, previously not registered, email address.
Security readout for executives and security teams
Plain-English summary
CVE-2025-51989 lets an unauthenticated attacker place HTML into the firstname field of a registration flow. That HTML is then included in outbound email, creating a credible phishing path against email addresses that have not previously registered. The source bundle does not identify a vendor patch or active exploitation.
Executive priority
Treat this as a high-priority phishing-enablement issue for affected HRmaster registration deployments. Prioritize confirmation of exposure, vendor guidance, and email-template hardening, especially where HR workflows send messages to external candidates or unregistered addresses.
Technical view
The CVE describes CWE-80 HTML injection in Evolution Consulting Kft. HRmaster module v235 registration. User-controlled HTML in the "keresztnév" firstname field is reflected into generated email. CVSS is 7.0 high with network access, no privileges, high attack complexity, and confidentiality impact rated high.
Likely exposure
Organizations using the named HRmaster module v235 registration workflow may be exposed. The structured affected product fields are listed as n/a, so confirm actual deployed versions and modules with the vendor or asset owner.
Exploitation context
The bundle reports phishing scenarios via registration-generated email, but does not cite active exploitation. The CVE is not marked as CISA KEV in the provided data.
Researcher notes
Evidence is limited to the CVE description and linked public references. The CVE names HRmaster module v235, but structured affected metadata is incomplete. Avoid assuming broader product impact or patch availability without vendor confirmation.
Mitigation direction
Check Evolution Consulting or HRmaster guidance for patches or configuration advice.
HTML-encode untrusted profile fields before email rendering.
Sanitize registration input server-side, including firstname fields.
Review email templates for unsafe insertion of user-controlled data.
Monitor registration and outbound email activity for abuse patterns.
Validation and detection
Identify whether HRmaster module v235 registration is deployed.
Review registration-to-email data flow for raw HTML rendering.
Confirm firstname handling uses output encoding in email templates.
Check mail logs for unusual registration-generated email volume.
Verify vendor advisories before closing remediation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-80: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-80 · source CWE mapping
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.