CVE-2025-25247

MEDIUM

Apache Felix Webconsole <4.9.8-5.0.8 - XSS

Title source: llm

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Scores

CVSS v3 6.1
EPSS 0.0027
EPSS Percentile 49.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

apache/felix_webconsole < 4.9.10
org.apache.felix/org.apache.felix.webconsole < 4.9.10 (Maven)

Timeline

Published Feb 10, 2025
Tracked Since Feb 18, 2026