CVE Catalog

CVE-2025-51053

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary JavaScript or HTML code, potentially leading to code execution in the victim's browser.

Risk Assessment

The risk includes session hijacking, account takeover, or unauthorized actions performed in the context of a logged-in administrator, potentially leading to data leakage or system integrity compromise.

Recommendation

Immediately update Vedo Suite to the latest patched version and implement input filtering and encoding in API endpoints to prevent script injection.

Original NVD description (English source)

A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS