CVE-2025-6509 MEDIUM

CVE-2025-6509: seaswalker spring-analysis SimpleController.java echo cross site scripting

Vendor Seaswalker

Product spring-analysis

Weakness CWE-79 · XSS

Published June 23, 2025

Last update June 23, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Key dates

Disclosure timeline

June 23, 2025 CVE published

June 23, 2025 Record updated

Identifiers

CVE CVE-2025-6509

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor Seaswalker

Product spring-analysis

Affected 4379cce848af96997a9d7ef91d594aa129be8d71