CVE-2025-30143 MEDIUM

CVE-2025-30143

Vendor Akamai

Product App & API Protector

Weakness CWE-79 · XSS

Published March 17, 2025

Last update March 17, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties.

Key dates

02Disclosure timeline

March 17, 2025 CVE published

March 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-30143

Related vulnerabilities

04Related CVE

CVE-2025-54749 WordPress JetProductGallery Plugin <= 2.2.0.2 - Cross Site Scripting (XSS) Vulnerability CVE-2026-2121 Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting CVE-2024-11246 code-projects Farmacia adicionar-cliente.php cross site scripting CVE-2024-1412 Memberpress <= 1.11.24 - Reflected Cross-Site Scripting via message and error CVE-2024-43949 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability