CVE-2025-69771
Last modified
CVE-2025-69771 is a critical-severity vulnerability rated 9.6/10 on the CVSS scale. Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the same-site context, it can bypass cross-origin restrictions, leading to unauthorized same-site API requests and session data exfiltration. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the same-site context, it can bypass cross-origin restrictions, leading to unauthorized same-site API requests and session data exfiltration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Killergerbah | Asbplayer | <= 1.13.0 |
References
- https://reve-offensive.tistory.com/35 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
