Unrated severityNVD Advisory· Published Nov 5, 2025· Updated Nov 5, 2025

CVE-2025-63416

Description

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrative data and functions, leading to privilege escalation and full compromise of sensitive user data, as demonstrated by the ability to fetch and exfiltrate the contents of the /admin/users endpoint.

Affected products

SelfBest platform/SelfBest platformdescription
SelfBest/SelfBestllm-fuzzy
Range: =2023.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rohitchaudhary045.medium.com/cve-2025-63416-the-admin-panel-heist-stored-xss-to-privilege-escalation-b4c69d8487f1mitre
self.bestmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000