Cyber Posture

CVE-2025-53084

Severity: Critical · Public PoC available

Published: 24 July 2025
Modified: 03 November 2025
KEV Added: not listed
CVSS Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-53084 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in WWBN AVideo. Its CVSS v3.1 base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The CVE is ranked at the 33.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Browser Session Hijacking (T1185) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: SI-15 Information Output Filtering
Filters the videosList page parameter output to prevent arbitrary JavaScript execution in the victim's browser context.

prevent: SI-10 Information Input Validation
Validates specially crafted HTTP request inputs for the videosList page parameter to reject malicious JavaScript payloads.

prevent: flaw remediation
Remediates the specific XSS flaw in AVideo's videosList functionality through timely patching and flaw correction.
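The two technical controls above (validate the `page` input, encode it on output) are easiest to see side by side. The following is an added example written for this page, not AVideo's own code: the handler names (`parse_page_param`, `render_pager`, `render_pager_unsafe`, `page_from_url`, `reflects_unencoded`) and the constructed request values are hypothetical, and the regex, page bound and fallback value are choices of this example, not of the project. It shows a listing endpoint that reflects a `page` query parameter into HTML, first the anti-pattern and then the hardened version that coerces the value to a bounded integer and HTML-encodes it before it reaches the response.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed example: a minimal handler for the "page" query parameter of a
# video-listing endpoint. Not AVideo's code; all names here are hypothetical.

MAX_PAGE = 10_000  # upper bound keeps the value inside a sane range
# Positive integer only: no sign, no whitespace, no markup, at most 6 digits.
_PAGE_RE = re.compile(r"^[1-9][0-9]{0,5}$")


def parse_page_param(raw):
    """SI-10 style input validation: accept only a positive integer within
    range, otherwise fall back to page 1. Always returns an int, never the
    raw request string, so downstream code cannot reflect attacker text."""
    if raw is None:
        return 1
    raw = raw.strip()
    if not _PAGE_RE.fullmatch(raw):
        return 1
    page = int(raw)
    return page if page <= MAX_PAGE else MAX_PAGE


def render_pager_unsafe(raw):
    """The anti-pattern: the request value is reflected verbatim into HTML.
    Kept only to contrast with render_pager below."""
    return f'<a href="?page={raw}">Page {raw}</a>'


def render_pager(raw):
    """Hardened version: validate to an int first, then encode on output
    (SI-15). Encoding is applied even though the value is already numeric,
    so the template stays safe if validation is ever loosened."""
    page = parse_page_param(raw)
    text = html.escape(str(page), quote=True)
    return f'<a href="?page={text}">Page {text}</a>'


def page_from_url(url):
    """Pull the page parameter out of a full request URL and validate it."""
    query = parse_qs(urlsplit(url).query)
    return parse_page_param(query.get("page", [None])[0])


def reflects_unencoded(rendered, raw):
    """Review check: True if an HTML-significant request value reaches the
    response verbatim, i.e. without validation or encoding."""
    significant = any(ch in raw for ch in '<>"\'&')
    return significant and raw in rendered
```

`reflects_unencoded` is the kind of assertion a regression test for this class of bug can carry: feed a value containing a quote or angle bracket through the real handler and fail the build if it comes back unchanged.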

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1185 Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user behaviors, and intercept information as part of various browser session hijacking techniques.

T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

Why these techniques?

Stored/reflected XSS enables arbitrary JavaScript execution in an authenticated victim's browser context, directly facilitating session hijacking and web session cookie theft.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerability.

Deeper analysis [AI-generated]

CVE-2025-53084 is a cross-site scripting (XSS) vulnerability in the videosList page parameter functionality of WWBN AVideo version 14.4 and the dev master commit 8a8954ff. The flaw allows a specially crafted HTTP request to lead to arbitrary JavaScript execution, as classified under CWE-79. It has a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to network accessibility, low attack complexity, and high impacts across confidentiality, integrity, and availability with changed scope.

An attacker with low privileges (PR:L), such as an authenticated user, can exploit this vulnerability by tricking a victim into visiting a malicious webpage. User interaction (UI:R) is required to trigger the issue, after which the crafted request executes arbitrary JavaScript in the victim's browser context, potentially leading to session hijacking, data theft, or further compromise.

Mitigation details and additional technical information are available in the Cisco Talos Intelligence advisory TALOS-2025-2206 at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2206.

Details

CWE(s): CWE-79 (Cross-site Scripting)

Affected Products: wwbn / avideo 14.4

CVEs Like This One

CVE-2025-36548 (same product: WWBN AVideo)
CVE-2025-41420 (same product: WWBN AVideo)
CVE-2026-34375 (same product: WWBN AVideo)
CVE-2025-50128 (same product: WWBN AVideo)
CVE-2025-46410 (same product: WWBN AVideo)
CVE-2026-33043 (same product: WWBN AVideo)
CVE-2026-29093 (same product: WWBN AVideo)
CVE-2026-41064 (same product: WWBN AVideo)
CVE-2026-33037 (same product: WWBN AVideo)
CVE-2026-33648 (same product: WWBN AVideo)

References