Skip to content
Vulnerability intelligence

CVE-2025-49113

A suspected China-aligned campaign chained an XSS flaw patched in August 2024 with an RCE patched in mid-2025 to compromise physics and engineering departments at U.S. and Canadian universities. The gap is not disclosure — it is deployment.

2025