CVE-2025-7053

3.5 LOW
Published: July 04, 2025 Modified: October 01, 2025
View on NVD

Description

A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.11.4 is able to address this issue. The patch is named bdcd5e3bc651c0839c7eea807f3eb6af856dbc76. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional. A patch and new release was made available very quickly.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/Cockpit-HQ/Cockpit/commit/bdcd5e3bc651c0839c7eea807f3eb6af856dbc76
Source: cna@vuldb.com
Patch
https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.11.4
Source: cna@vuldb.com
Release Notes
https://vuldb.com/?ctiid.314819
Source: cna@vuldb.com
Permissions Required VDB Entry
https://vuldb.com/?id.314819
Source: cna@vuldb.com
Third Party Advisory VDB Entry
https://vuldb.com/?submit.605594
Source: cna@vuldb.com
Exploit Third Party Advisory VDB Entry
https://vuldb.com/?submit.605594
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit Third Party Advisory VDB Entry

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.5 / 10.0
EPSS (Exploit Probability)
0.0%
10th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79 CWE-94 CWE-79

Affected Vendors

agentejo

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3