CVE-2025-23039 MEDIUM

CVE-2025-23039: Cross Site Scripting on URL decode Tooltip in Caido

Vendor Caido
Product caido
Weakness CWE-79 · XSS
Published January 17, 2025
Last update January 17, 2025

CVSS base score

5.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization of the content shown in the URL-decoding tooltip of the HTTP request and response editors. An attacker who can get crafted, percent-encoded content in front of a Caido user could use it to execute arbitrary script, potentially leading to the theft of sensitive information. The issue has been addressed in version 0.45.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
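The following is an added illustration of the weakness class named above (CWE-79 in a URL-decoding tooltip); it is not Caido's code, and the function names, the tooltip markup and the sample payload are constructed for this page. It shows the unsafe pattern (decoded text concatenated into markup), the hardened pattern (decode, then escape, or use textContent in a real DOM), a regression check that flags any element tag surviving inside the tooltip, and the malformed-percent-encoding edge case that a tooltip must not crash on.

```javascript
// Added example, not Caido's code. Names and payload below are constructed.

// Minimal HTML escaping of the five characters that matter in text/attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Percent-decode with a graceful failure path: decodeURIComponent throws
// URIError on malformed sequences such as "%E0%A4%A", and a tooltip fed
// hostile request/response bytes must not take the editor down with it.
function safeDecode(encoded) {
  try {
    return { ok: true, text: decodeURIComponent(encoded) };
  } catch (e) {
    if (e instanceof URIError) return { ok: false, text: null };
    throw e;
  }
}

// Vulnerable pattern: decoded attacker-controlled text goes straight into
// markup, so "%3Cimg ... onerror%3D...%3E" decodes to a live <img> element.
function renderTooltipUnsafe(encoded) {
  const r = safeDecode(encoded);
  const body = r.ok ? r.text : "(invalid percent-encoding)";
  return `<div class="tooltip">${body}</div>`;
}

// Hardened pattern: decode first, then escape the result before it touches
// markup. With a real DOM node, assigning element.textContent does the same job.
function renderTooltipSafe(encoded) {
  const r = safeDecode(encoded);
  const body = r.ok ? escapeHtml(r.text) : "(invalid percent-encoding)";
  return `<div class="tooltip">${body}</div>`;
}

// Regression check: strip the wrapper and look for anything that still parses
// as a tag start. A hit means decoded input leaked into markup.
function tooltipLeaksMarkup(html) {
  const inner = html.slice('<div class="tooltip">'.length, -"</div>".length);
  return /<[a-zA-Z!/?]/.test(inner);
}

// Constructed sample payload: a percent-encoded <img> with an onerror handler.
const PAYLOAD = "%3Cimg%20src%3Dx%20onerror%3Dalert(document.cookie)%3E";

console.log(renderTooltipUnsafe(PAYLOAD)); // tag survives: the XSS sink
console.log(renderTooltipSafe(PAYLOAD));   // rendered as inert text
console.log(safeDecode("%E0%A4%A"));       // { ok: false, text: null }
```

The regression check is the part worth keeping around: run it over a corpus of encoded request and response bodies after any change to the tooltip renderer, and treat a single hit as a failing test.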

Key dates

02 Disclosure timeline

January 17, 2025 CVE published
January 17, 2025 Record updated