CVE-2025-57538

MEDIUM

Proxmox Virtual Environment - Authenticated Stored Cross-Site Scripting in Datacenter HTTP Proxy Field

Title source: llm
STIX 2.1

Description

A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view the affected configuration page. This can lead to arbitrary JavaScript execution.

Scores

CVSS v3 5.4
EPSS 0.0031
EPSS Percentile 22.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
proxmox/virtual_environment 8.4
Published Sep 09, 2025
Tracked Since Feb 18, 2026