Detections
Analytics

CVE-2025-25247

medium

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

References

https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m

http://www.openwall.com/lists/oss-security/2025/02/10/1

Details

Source: Mitre, NVD

Published: 2025-02-10

Updated: 2025-07-14

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00036