CVE-2025-54057

CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability

Vendor Apache Software Foundation

Product Apache SkyWalking

Weakness CWE-80 · XSS · basic

Published November 27, 2025

Last update April 13, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.

Key dates

Disclosure timeline

November 27, 2025 CVE published

April 13, 2026 Record updated