CVE advisoryCRITICAL
CVE-2025-67906
MISP Workflow Execution Path XSS Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A cross-site scripting vulnerability exists in MISP's workflow execution path. This flaw allows for the injection of malicious scripts, which could be executed in a user's browser if they interact with a crafted workflow. The potential impact includes exposure of user session data and unauthorized actions performed on