CVE-2025-4951 MEDIUM

Vendor Rapid7
Product AppSpider Pro
Weakness CWE-79 · XSS
Published May 20, 2025
Last update May 20, 2025

CVSS base score

4.6/10 (Medium)
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Editions of Rapid7 AppSpider Pro before version 7.5.018 are vulnerable to stored cross-site scripting in the "ScanName" field. The application rejects special characters entered into the "ScanName" field, but that check is enforced only when the name is entered through the application: an attacker who can edit the configuration file directly can store an arbitrary ScanName, including script, which the application then renders without adequate encoding. The CVSS vector is consistent with this: a local attacker with low privileges (AV:L, PR:L) plants the payload, a user must then view the affected scan (UI:R), and the script runs in that user's browser rather than in the file-writer's context (S:C). Installations running any version below 7.5.018 should be treated as affected; the issue is fixed as of version 7.5.018.
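The root cause described above is a general one: a character blocklist applied at the input form is not output encoding, so any path that writes the stored value without going through the form (here, editing the configuration file) lands unfiltered data in the page. The following is an added illustration, not AppSpider code, and does not reproduce AppSpider's real configuration format: it assumes a hypothetical JSON config with a single "ScanName" key, a hypothetical UI-side allowlist, and two render functions, the vulnerable one interpolating the stored name raw into HTML and the fixed one encoding at the point of output.

```python
"""Constructed illustration of CVE-2025-4951's root cause: input validation
bypassed by writing the config file directly, fixed by output encoding.
Not Rapid7 / AppSpider code; file format and function names are assumptions."""
import html
import json
import os
import re
import tempfile

# Hypothetical UI-side rule: the "ScanName" form rejects special characters.
SCANNAME_ALLOWED = re.compile(r"^[A-Za-z0-9 _-]{1,64}$")


def _write_config(path: str, name: str) -> None:
    # Assumed on-disk format: a JSON object with a "ScanName" key.
    with open(path, "w", encoding="utf-8") as f:
        json.dump({"ScanName": name}, f)


def _read_config(path: str) -> str:
    with open(path, encoding="utf-8") as f:
        return json.load(f)["ScanName"]


def set_scan_name_via_ui(config_path: str, name: str) -> bool:
    """Path a normal user takes: the form validates, then the value is persisted.
    Returns False (and stores nothing) when the name fails the allowlist."""
    if not SCANNAME_ALLOWED.fullmatch(name):
        return False
    _write_config(config_path, name)
    return True


def set_scan_name_via_file(config_path: str, name: str) -> None:
    """Bypass: a principal who can write the configuration file never hits the
    form-side check, so any string, script included, becomes the stored name."""
    _write_config(config_path, name)


def render_scan_header_vulnerable(config_path: str) -> str:
    """Before the fix: trusts the stored value and interpolates it raw into HTML."""
    return f"<h1>Scan: {_read_config(config_path)}</h1>"


def render_scan_header_fixed(config_path: str) -> str:
    """After the fix: HTML-encode at the point of output, regardless of how the
    value reached the store. quote=True also neutralises attribute breakouts."""
    return f"<h1>Scan: {html.escape(_read_config(config_path), quote=True)}</h1>"


def demo() -> dict:
    """Walk the bypass end to end and return both renderings for inspection."""
    path = os.path.join(tempfile.mkdtemp(), "scan.json")
    payload = '<img src=x onerror="alert(1)">'   # constructed XSS probe
    ui_blocked = not set_scan_name_via_ui(path, payload)
    set_scan_name_via_file(path, payload)        # the CVE's bypass
    return {
        "ui_blocked": ui_blocked,
        "vulnerable": render_scan_header_vulnerable(path),
        "fixed": render_scan_header_fixed(path),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The form check correctly rejects the probe, yet the vulnerable renderer emits the `<img ... onerror=...>` tag verbatim once the file has been edited; the fixed renderer emits the same stored value as inert text. The takeaway for a code review is that the trust boundary sits at the render call, not at the form.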

Key dates

02 Disclosure timeline

May 20, 2025 CVE published
May 20, 2025 Record updated