CVE-2025-25477 · HIGH 8.1 · EPSS p30.5%

Description

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.39% probability of exploitation · percentile 30.5% · 2026-06-19T12:03:05Z
Published: 2025-02-28
Last modified: 2025-07-09

Underlying weaknesses · 1

CWE-74

References

  1. https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25477

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (cwe-74) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-35466
CVE: CVE-2025-24297
CVE: CVE-2025-67397
CVE: CVE-2025-25535
CVE: CVE-2025-29902
CVE: SimpleHelp Path Traversal Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.