Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Sep 10, 2025

CVE-2025-57539

Description

A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially leading to session hijacking or other attacks.

Affected products

Proxmox/Virtual Environmentdescription
Terraform/Proxmox Virtual Environment Providerllm-fuzzy
Range: =8.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/page-2mitre
github.com/khankishiyev-j/bug-bounty/blob/main/proxmox-xssmitre
www.youtube.com/watchmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000