CVE-2025-25247

CVE-2025-25247: Apache Felix Webconsole: XSS in services console

Vendor Apache Software Foundation

Product Apache Felix Webconsole

Weakness CWE-79 · XSS

Published February 10, 2025

Last update February 10, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Key dates

Disclosure timeline

February 10, 2025 CVE published

February 10, 2025 Record updated

Identifiers

CVE CVE-2025-25247

CWE CWE-79

Affected versions

Vendor Apache Software Foundation

Product Apache Felix Webconsole

Affected ≥ Version 4.x and ≤ 4.9.8

Vendor Apache Software Foundation

Product Apache Felix Webconsole

Affected ≥ Version 5.x and ≤ 5.0.8