Cyber Posture

CVE-2025-5352

Severity: Critical · Public PoC

Published: 23 August 2025
Modified: 26 November 2025
KEV Added: not listed
Patch: fixed in version 1.9.25
CVSS Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.1st percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-5352 is a critical-severity stored Cross-site Scripting (CWE-79) vulnerability in lunary-ai/lunary (vendor Lunary). Its CVSS v3.1 base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE is ranked at the 40.1st percentile by EPSS exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to JavaScript (T1059.007) and 5 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-15 Information Output Filtering (prevent)
Requires filtering of output prior to rendering in browsers, so that an unsanitized environment variable such as NEXT_PUBLIC_CUSTOM_SCRIPT is not injected into the DOM via dangerouslySetInnerHTML.

SI-10 Information Input Validation (prevent)
Mandates validation and sanitization of inputs such as the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable before they are processed or inserted into web content, blocking arbitrary JavaScript execution.

SI-2 Flaw Remediation (prevent)
Ensures timely identification, reporting, and remediation of flaws such as this stored XSS vulnerability, including patching to version 1.9.25.

MITRE ATT&CK Enterprise Techniques

T1059.007 JavaScript (Execution)
Adversaries may abuse various implementations of JavaScript for execution.
T1185 Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
T1203 Exploitation for Client Execution (Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
T1555.003 Credentials from Web Browsers (Credential Access)
Adversaries may acquire credentials from web browsers by reading files specific to the target browser.
T1041 Exfiltration Over C2 Channel (Exfiltration)
Adversaries may steal data by exfiltrating it over an existing command and control channel.
Why these techniques?

Stored XSS enables arbitrary JavaScript execution (T1059.007, T1203) in users' browsers, facilitating browser session hijacking (T1185), stealing web session cookies and credentials from browsers (T1539, T1555.003), and data exfiltration over C2 (T1041).

NVD Description

A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows arbitrary JavaScript execution in all users' browsers if an attacker can control the environment variable during deployment or through server compromise. The vulnerability can lead to complete account takeover, data exfiltration, malware distribution, and persistent attacks affecting all users until the environment variable is cleaned. The issue is fixed in version 1.9.25.

Deeper analysis

A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-5352, affects the Analytics component in lunary-ai/lunary versions up to 1.9.23. The issue stems from the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable being directly injected into the DOM using React's dangerouslySetInnerHTML without any sanitization or validation, enabling arbitrary JavaScript execution. This flaw, associated with CWE-79 and scored 9.6 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), was published on 2025-08-23.

An attacker who can control the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable—such as during deployment or through server compromise—can exploit this to inject malicious JavaScript that executes persistently in the browsers of all users. Successful exploitation allows complete account takeover, data exfiltration, malware distribution, and ongoing attacks impacting every user until the variable is cleaned.

The vulnerability is fixed in lunary-ai/lunary version 1.9.25, as detailed in the patching commit at https://github.com/lunary-ai/lunary/commit/e2e43e88cecf742bacb639ab880507bbfdfd065c and the associated Huntr bounty report at https://huntr.com/bounties/f1d3dbce-3c3e-480e-b81e-0e8afa05c491. Security practitioners should upgrade to the patched version and review environment variable configurations to mitigate risks.

Details

CWE(s)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected Products

lunary-ai/lunary: versions up to 1.9.23 per the NVD description (fixed in 1.9.25)

AI Security Analysis

AI Category
Enterprise AI Assistants
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Lunary.ai is an open-source observability and analytics platform for production LLM applications, fitting the Enterprise AI Assistants category as it supports enterprise-level AI/LLM monitoring and management.

CVEs Like This One

CVE-2024-9095 (same product: Lunary)
CVE-2025-9803 (same product: Lunary)
CVE-2024-9099 (same product: Lunary)
CVE-2024-9096 (same product: Lunary)
CVE-2024-8999 (same product: Lunary)
CVE-2024-8998 (same product: Lunary)
CVE-2024-5386 (same product: Lunary)
CVE-2024-7044 (shared CWE-79)
CVE-2025-23668 (shared CWE-79)
CVE-2025-26210 (shared CWE-79)

References

https://github.com/lunary-ai/lunary/commit/e2e43e88cecf742bacb639ab880507bbfdfd065c (patch commit)
https://huntr.com/bounties/f1d3dbce-3c3e-480e-b81e-0e8afa05c491 (Huntr bounty report)