CVE-2025-25247

Source
https://cve.org/CVERecord?id=CVE-2025-25247
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25247.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-25247
Published
2025-02-10T12:15:29.557Z
Modified
2026-04-10T05:27:07.856894Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.

Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Affected packages

Git / github.com/apache/felix-dev

Affected ranges

Type
GIT
Repo
https://github.com/apache/felix-dev
Events
Database specific
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.9.10"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.10"
        }
    ]
}

Affected versions

Other
felix-parent-9
maven-bundle-plugin-6.*
maven-bundle-plugin-6.0.0
org.*
org.apache.felix.cm.json-2.0.6
org.apache.felix.http.base-5.1.10
org.apache.felix.http.base-5.1.6
org.apache.felix.http.base-5.1.8
org.apache.felix.http.bridge-5.1.6
org.apache.felix.http.bridge-5.1.8
org.apache.felix.http.inventoryprinter-1.0.2
org.apache.felix.http.jetty-5.1.10
org.apache.felix.http.jetty-5.1.12
org.apache.felix.http.jetty-5.1.14
org.apache.felix.http.jetty-5.1.16
org.apache.felix.http.jetty-5.1.18
org.apache.felix.http.jetty-5.1.20
org.apache.felix.http.jetty-5.1.22
org.apache.felix.http.jetty-5.1.24
org.apache.felix.http.jetty-5.1.26
org.apache.felix.http.jetty-5.1.28
org.apache.felix.http.jetty-5.1.8
org.apache.felix.http.jetty12-1.0.10
org.apache.felix.http.jetty12-1.0.12
org.apache.felix.http.jetty12-1.0.14
org.apache.felix.http.jetty12-1.0.16
org.apache.felix.http.jetty12-1.0.18
org.apache.felix.http.jetty12-1.0.19
org.apache.felix.http.jetty12-1.0.2
org.apache.felix.http.jetty12-1.0.20
org.apache.felix.http.jetty12-1.0.4
org.apache.felix.http.jetty12-1.0.6
org.apache.felix.http.jetty12-1.0.8
org.apache.felix.http.webconsoleplugin-1.2.0
org.apache.felix.http.wrappers-1.0.4
org.apache.felix.http.wrappers-1.1.4
org.apache.felix.http.wrappers-1.1.6
org.apache.felix.http.wrappers-1.1.8
org.apache.felix.http.wrappers6-1.1.4
org.apache.felix.scr-2.2.10
org.apache.felix.scr-2.2.12
org.apache.felix.scr-2.2.8
org.apache.felix.webconsole-5.0.0
org.apache.felix.webconsole-5.0.2
org.apache.felix.webconsole-5.0.4
org.apache.felix.webconsole-5.0.6
org.apache.felix.webconsole-5.0.8
osgicheck-maven-plugin-0.*
osgicheck-maven-plugin-0.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25247.json"