Moderate severity · NVD Advisory · Published Feb 10, 2025 · Updated Feb 10, 2025
Apache Felix Webconsole: XSS in services console
CVE-2025-25247
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.
This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.
Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.felix:org.apache.felix.webconsole (Maven) | >= 4.0.0, < 4.9.10 | 4.9.10 |
| org.apache.felix:org.apache.felix.webconsole (Maven) | >= 5.0.0, < 5.0.10 | 5.0.10 |
Affected products
- Apache Software Foundation/Apache Felix Webconsole v5 Range: Version 4.x
References
- github.com/advisories/GHSA-4c37-7m5h-c8m9 (ghsa, ADVISORY)
- lists.apache.org/thread/z47jbf0rbylzd0ktfzdw9c8b5fpyl24m (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2025-25247 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2025/02/10/1 (ghsa, WEB)
- github.com/apache/felix-dev/commit/87513ea3533fdb79d9e2b251410bf2bfbd63941e (ghsa, WEB)