Unrated severityNVD Advisory· Published Sep 9, 2025· Updated Sep 10, 2025

CVE-2025-57540

Description

A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.

Affected products

Proxmox/Virtual Environmentdescription
Terraform/Proxmox Virtual Environment Providerllm-fuzzy
Range: =8.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/page-2mitre
github.com/khankishiyev-j/bug-bounty/blob/main/proxmox-xssmitre
www.youtube.com/watchmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000