Strix
26.1K

CVE-2025-32785

LOWCVSS 2/10EPSS 0.23%

Last modified

CVE-2025-32785 is a low-severity vulnerability rated 2/10 on the CVSS scale. Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section. An authenticated user can inject malicious JavaScript by adding a payload to the Address field when creating or editing a list entry. The vulnerability is triggered when another user navigates to the Tools section and performs a gravity database update. The Address field does not properly sanitize input, allowing special characters and script tags to bypass validation. This has been patched in version 6.3.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS 4.0
2/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.23%

13.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Pi-HoleWeb Interface< 6.3

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-32785?
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section. An authenticated user can inject malicious JavaScript by adding a payload to the Address field when creating or editing a list entry. The vulnerability is triggered when another user navigates to the Tools section and performs a gravity database update. The Address field does not properly sanitize input, allowing special characters and script tags to bypass validation. This has been patched in version 6.3.
How severe is CVE-2025-32785?
CVE-2025-32785 has a CVSS score of 2/10 (LOW severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.
How do I fix CVE-2025-32785?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-32785?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST