CVE-2025-31510
Published: 16 January 2026
Summary
CVE-2025-31510 is a high-severity Cross-site Scripting (CWE-79) vulnerability in the LemonLDAP::NG portal (vendor OW2, inferred from references). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-31510 is a cross-site scripting (XSS) vulnerability, classified as CWE-79, affecting the portal component in LemonLDAP::NG versions before 2.21.0. It enables remote attackers to inject arbitrary web script or HTML into the login page via the "tab" parameter during Choice authentication. The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) and was published on 2026-01-16T18:16:07.363.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction. By supplying a malicious "tab" parameter value, they can inject script into the login page as it is viewed by other users. The vector records low confidentiality and integrity impact and a changed scope (S:C), because the injected script executes in those users' browsers rather than in the portal itself.
Advisories recommend upgrading to LemonLDAP::NG 2.21.0 or later to mitigate the issue. Relevant details appear in the LemonLDAP::NG GitLab issue at https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/04/msg00017.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2905
Vulnerability details
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS in public-facing portal directly enables exploitation of the web app (T1190) and arbitrary JavaScript execution in victim browsers (T1059.007).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and sanitization of untrusted inputs such as the tab parameter before it is rendered in the login page, blocking the CWE-79 XSS injection.
- SI-15 (Information Output Filtering): requires filtering/encoding of application output so that script supplied via the tab parameter cannot execute when the Choice-authentication page is rendered to users.
- Malicious-code filtering: web-application-layer filters or signatures can be deployed that recognize and block reflected XSS payloads targeting the portal login page.
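The input-validation and output-encoding controls above, plus a log check a defender could run for the tab parameter, as an added Python example (not LemonLDAP::NG's own code, which is Perl; the allowlist of choices, the page markup, the request path and the log lines are all constructed for illustration):

```python
"""Added example, not LemonLDAP::NG code: SI-10 and SI-15 applied to a reflected
"tab" parameter, and a check over access-log lines for values that would fail them."""
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist standing in for the authentication choices an administrator configured.
CONFIGURED_CHOICES = {"LDAP", "OpenIDConnect", "SAML"}

def vulnerable_render(tab: str) -> str:
    """The pattern the advisory describes: the parameter is echoed into the page unescaped."""
    return f'<ul class="nav"><li class="active" data-tab="{tab}">{tab}</li></ul>'

def select_tab(tab: Optional[str]) -> str:
    """SI-10: accept only a value naming a configured choice; otherwise use the first choice."""
    if tab in CONFIGURED_CHOICES:
        return tab
    return sorted(CONFIGURED_CHOICES)[0]

def safe_render(tab: Optional[str]) -> str:
    """SI-15: HTML-encode the already validated value before writing it into the page."""
    chosen = html.escape(select_tab(tab), quote=True)
    return f'<ul class="nav"><li class="active" data-tab="{chosen}">{chosen}</li></ul>'

# Constructed access-log lines in combined format; the "/" portal path is assumed.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jan/2026:10:01:02 +0000] "GET /?tab=LDAP HTTP/1.1" 200 5120
203.0.113.9 - - [16/Jan/2026:10:01:07 +0000] "GET /?tab=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5210
203.0.113.9 - - [16/Jan/2026:10:01:09 +0000] "GET /?tab=SAML%22%20onmouseover%3D%22x HTTP/1.1" 200 5201
"""
REQUEST_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

def suspicious_tab_requests(log_text: str) -> List[Tuple[str, str]]:
    """Return (source address, decoded tab value) for requests whose tab is not a configured choice."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_LINE.match(line)
        if not match:
            continue
        source, target = match.groups()
        # parse_qs percent-decodes the value, so encoded payloads are compared in clear.
        for value in parse_qs(urlsplit(target).query).get("tab", []):
            if value not in CONFIGURED_CHOICES:
                hits.append((source, value))
    return hits
```

The allowlist check is what makes the fallback safe: a value that is not a configured choice never reaches the template, and the encoding step covers any choice name that itself contains HTML metacharacters.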