CVE-2025-54806 MEDIUM

CVE-2025-54806

Vendor Growi, Inc.
Product GROWI
Weakness CWE-79 · XSS
Published October 23, 2025
Last update October 23, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser.

Key dates

02Disclosure timeline

October 23, 2025 CVE published
October 23, 2025 Record updated