CVE-2025-25247
CVE-2025-25247 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Felix Webconsole | >= 4.0.0, < 4.9.10 |
| Apache | Felix Webconsole | >= 5.0.0, < 5.0.10 |
References
- https://lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m (Issue Tracking, Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2025/02/10/1 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
