CVE-2025-61583 MEDIUM

CVE-2025-61583: TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling

Vendor Joni1802

Product ts3-manager

Weakness CWE-20 · Input validation

Published October 1, 2025

Last update October 2, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.

Key dates

02Disclosure timeline

October 1, 2025 CVE published

October 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-61583

Related vulnerabilities

CVE-2025-61583: TS3 Manager is vulnerable to unauthenticated reflected XSS attack due to insecure error handling

01Description

02Disclosure timeline

03References

04Related CVE