CVE-2025-51541

{"id": "CVE-2025-51541", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-08-05T20:15:37.967", "references": [{"url": "https://gist.github.com/anonx-hunter/a7ef32a01d7d888413b08bf8589fdd7e#file-cve-2025-51541-shopware-xss-md", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.dax-tokaido.com/recovery/install/database-configuration/", "tags": ["Not Applicable"], "source": "[email protected]"}, {"url": "https://gist.github.com/anonx-hunter/a7ef32a01d7d888413b08bf8589fdd7e#file-cve-2025-51541-shopware-xss-md", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious JavaScript. This vulnerability can be exploited via a Cross-Site Request Forgery (CSRF) attack due to the absence of CSRF protections on the POST request. An unauthenticated remote attacker can craft a malicious web page that, when visited by a victim, stores the payload persistently in the installation configuration. As a result, the payload executes whenever any user subsequently accesses the vulnerable installation page, leading to persistent client-side code execution."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la interfaz de instalaci\u00f3n de Shopware 6, ubicada en /recovery/install/database-configuration/. El campo c_database_schema no depura correctamente la informaci\u00f3n proporcionada por el usuario antes de mostrarla en el navegador, lo que permite a un atacante inyectar JavaScript malicioso. Esta vulnerabilidad puede explotarse mediante un ataque de Cross-Site Request Forgery (CSRF) debido a la ausencia de protecci\u00f3n CSRF en la solicitud POST. Un atacante remoto no autenticado puede manipular una p\u00e1gina web maliciosa que, al ser visitada por una v\u00edctima, almacena el payload de forma persistente en la configuraci\u00f3n de la instalaci\u00f3n. Como resultado, el payload se ejecuta cada vez que un usuario accede posteriormente a la p\u00e1gina de instalaci\u00f3n vulnerable, lo que provoca la ejecuci\u00f3n persistente de c\u00f3digo del lado del cliente."}], "lastModified": "2025-09-10T15:30:14.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFADB06-4F4B-4D7C-BCE2-E218CFB2765C", "versionEndExcluding": "6.2.3", "versionStartIncluding": "6.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}