Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Sep 10, 2025

CVE-2025-57538

Description

A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view the affected configuration page. This can lead to arbitrary JavaScript execution.

Affected products

Proxmox/Virtual Environmentdescription
Terraform/Proxmox Virtual Environment Providerllm-fuzzy
Range: =8.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/page-2mitre
github.com/khankishiyev-j/bug-bounty/blob/main/proxmox-xssmitre
www.youtube.com/watchmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000