CVE-2025-25247

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m	Mailing List Vendor Advisory Issue Tracking
http://www.openwall.com/lists/oss-security/2025/02/10/1	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:felix_webconsole::::::::
	cpe:2.3:a:apache:felix_webconsole::::::::

History

No history.

Information

Published : 2025-02-10 12:15

Updated : 2025-07-14 13:50

NVD link : CVE-2025-25247

Mitre link : CVE-2025-25247

CVE.ORG link : CVE-2025-25247

JSON object : View

Products Affected

apache

felix_webconsole

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-25247", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-02-10T12:15:29.557", "references": [{"url": "https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m", "tags": ["Mailing List", "Vendor Advisory", "Issue Tracking"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/10/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.\n\nThis issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.\n\nUsers are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Apache Felix Webconsole. Este problema afecta a Apache Felix Webconsole 4.x hasta 4.9.8 y 5.x hasta 5.0.8. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.9.10 o 5.0.10 o superior, que soluciona el problema. "}], "lastModified": "2025-07-14T13:50:15.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:felix_webconsole:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "961B5383-2AF2-4E6F-9BF5-A5C742D6AA67", "versionEndExcluding": "4.9.10", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:apache:felix_webconsole:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "731E59BA-2F12-47FC-AD13-99FFB0A67483", "versionEndExcluding": "5.0.10", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}