CVE-2025-25247 – org.apache.felix:org.apache.felix.webconsole
Package
Manager: maven
Name: org.apache.felix:org.apache.felix.webconsole
Vulnerable Version: >=4.0.0 <4.9.10 || >=5.0.0 <5.0.10
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00064 (percentile: 0.20211)
Details
Apache Felix Webconsole: XSS in services console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.
Metadata
Created: 2025-02-10T12:30:45Z
Modified: 2025-02-10T18:08:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-4c37-7m5h-c8m9/GHSA-4c37-7m5h-c8m9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-4c37-7m5h-c8m9
Finding: F008
Auto approve: 1