Detections
Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-65110

critical Nessus Plugin ID 282586

Language:

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if safe mode expressionInterpreter is used. First, they use `vega` in an application that attaches both `vega` library and a `vega.View` instance similar to the Vega Editor to the global `window`, or has any other satisfactory function gadgets in the global scope. Second, they allow user-defined Vega `JSON` definitions (vs JSON that was is only provided through source code).
 This vulnerability allows for DOM XSS, potentially stored, potentially reflected, depending on how the library is being used. The vulnerability requires user interaction with the page to trigger. An attacker can exploit this issue by tricking a user into opening a malicious Vega specification. Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the application's domain. This can lead to theft of sensitive information such as authentication tokens, manipulation of data displayed to the user, or execution of unauthorized actions on behalf of the victim. This exploit compromises confidentiality and integrity of impacted applications.Patched versions are available in `[email protected]` (requires ESM) for Vega v6 and `[email protected]` (no ESM needed) for Vega v5. As a workaround, do not attach `vega` or `vega.View` instances to global variables or the window as the editor used to do. This is a development-only debugging practice that should not be used in any situation where Vega/Vega-lite definitions can come from untrusted parties. (CVE-2025-65110)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://security-tracker.debian.org/tracker/CVE-2025-65110

https://ubuntu.com/security/CVE-2025-65110

Plugin Details

Severity: Critical

ID: 282586

File Name: unpatched_CVE_2025_65110.nasl

Version: 1.3

Type: local

Agent: unix

Family: Misc.

Published: 1/12/2026

Updated: 2/17/2026

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-65110

CVSS v3

Risk Factor: Critical

Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:U/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:25.10, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, cpe:/o:debian:debian_linux:14.0, p-cpe:/a:canonical:ubuntu_linux:vega.js, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:debian:debian_linux:vega.js, cpe:/o:debian:debian_linux:13.0

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/5/2026

Reference Information

CVE: CVE-2025-65110