CVE Catalog

CVE-2025-65621

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

A stored XSS vulnerability in Snipe-IT before version 8.3.4 allows a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.

Risk Assessment

An attacker can hijack an administrator session, gaining full control over the IT asset management system, leading to data leakage and configuration integrity compromise.

Recommendation

Immediately upgrade Snipe-IT to version 8.3.4 or later, which includes a fix for the stored XSS vulnerability.

Original NVD description (English source)

Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS