CVE-2025-30087 HIGH

CVE-2025-30087

Vendor Bestpractical

Product RT

Weakness CWE-79 · XSS

Published May 28, 2025

Last update November 3, 2025

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

Key dates

May 28, 2025 CVE published

November 3, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-30087

CWE CWE-79

CVSS 7.2 / HIGH

Vendor Bestpractical

Product RT

Affected ≥ 4.4.0 and < 4.4.8

Vendor Bestpractical

Product RT

Affected ≥ 5.0.0 and < 5.0.8