CVE-2025-5352
Published: 23 August 2025
Summary
CVE-2025-5352 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Lunary (lunary-ai/lunary). Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The vulnerability is ranked at the 45.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as LLM Application Platforms and falls in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-5352, affects the Analytics component in lunary-ai/lunary versions up to 1.9.23. The issue stems from the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable being directly injected into the DOM using React's dangerouslySetInnerHTML without any sanitization or validation, enabling arbitrary JavaScript execution. This flaw, associated with CWE-79 and scored 9.6 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), was published on 2025-08-23.
An attacker who can control the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable—such as during deployment or through server compromise—can exploit this to inject malicious JavaScript that executes persistently in the browsers of all users. Successful exploitation allows complete account takeover, data exfiltration, malware distribution, and ongoing attacks impacting every user until the variable is cleaned.
The vulnerability is fixed in lunary-ai/lunary version 1.9.25, as detailed in the patching commit at https://github.com/lunary-ai/lunary/commit/e2e43e88cecf742bacb639ab880507bbfdfd065c and the associated Huntr bounty report at https://huntr.com/bounties/f1d3dbce-3c3e-480e-b81e-0e8afa05c491. Security practitioners should upgrade to the patched version and review environment variable configurations to mitigate risks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25632
Vulnerability details
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows arbitrary JavaScript execution in all users' browsers if an attacker can control the environment variable during deployment or through server compromise. The vulnerability can lead to complete account takeover, data exfiltration, malware distribution, and persistent attacks affecting all users until the environment variable is cleaned. The issue is fixed in version 1.9.25.
- CWE(s): CWE-79 (Cross-site Scripting)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, lunary
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS enables arbitrary JavaScript execution (T1059.007, T1203) in users' browsers, facilitating browser session hijacking (T1185), stealing web session cookies and credentials from browsers (T1539, T1555.003), and data exfiltration over C2 (T1041).
Mitigating Controls (NIST 800-53 r5)
- SI-15 (Information Output Filtering): Requires filtering of output prior to rendering in browsers to prevent injection of unsanitized environment variables like NEXT_PUBLIC_CUSTOM_SCRIPT into the DOM via dangerouslySetInnerHTML.
- SI-10 (Information Input Validation): Mandates validation and sanitization of inputs such as the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable before processing or insertion into web content to block arbitrary JavaScript execution.
- SI-2 (Flaw Remediation): Ensures timely identification, reporting, and remediation of flaws like this stored XSS vulnerability, including patching to version 1.9.25.
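As an added illustration for both the "Deeper analysis" above and the SI-10/SI-15 controls listed here (this is not code from lunary-ai/lunary or from its fix commit), the following plain JavaScript models the unsafe pattern the advisory describes next to an input-validated and output-filtered replacement. The function names, the allowlisted origin and the sample values are constructed for this example, and the design choice of treating the variable as a script URL checked against an operator-maintained allowlist, rather than as raw HTML, is an assumption of the example, not a description of what the 1.9.25 patch does.

```javascript
// Added example, not the project's code. Names, allowlist and sample
// values are constructed for illustration.

// Vulnerable shape: whatever NEXT_PUBLIC_CUSTOM_SCRIPT holds becomes raw DOM,
// the same effect as <div dangerouslySetInnerHTML={{ __html: value }} />.
function renderCustomScriptUnsafe(envValue) {
  return envValue || "";
}

// SI-10 style input validation: accept only an absolute https:// URL whose
// origin is on the allowlist and that carries no embedded credentials.
// Inline markup or script text is not a parseable URL and is rejected.
function validateCustomScriptSrc(envValue, allowedOrigins) {
  if (typeof envValue !== "string" || envValue.trim() === "") return null;
  let url;
  try {
    url = new URL(envValue.trim());
  } catch (e) {
    return null; // not an absolute URL (e.g. an inline <script> snippet)
  }
  if (url.protocol !== "https:") return null;
  if (!allowedOrigins.includes(url.origin)) return null;
  if (url.username || url.password) return null;
  return url.href;
}

// Minimal HTML attribute escaping for the single attribute we emit.
function escapeAttr(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// SI-15 style output filtering: the raw value is never emitted. Only a
// script tag whose src is the validated URL reaches the page; on any
// validation failure nothing is rendered at all.
function renderCustomScriptSafe(envValue, allowedOrigins) {
  const src = validateCustomScriptSrc(envValue, allowedOrigins);
  if (src === null) return "";
  return `<script src="${escapeAttr(src)}" defer></script>`;
}

// Constructed sample configuration values.
const ALLOWED_ORIGINS = ["https://analytics.example.com"];
const GOOD_VALUE = "https://analytics.example.com/tag.js?site=demo";
const BAD_VALUE = "<script>/* constructed inline snippet */</script>";

// Side by side: the unsafe renderer passes BAD_VALUE straight through, the
// validated renderer drops it and only emits a tag for GOOD_VALUE.
if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe :", renderCustomScriptUnsafe(BAD_VALUE));
  console.log("safe   :", JSON.stringify(renderCustomScriptSafe(BAD_VALUE, ALLOWED_ORIGINS)));
  console.log("safe   :", renderCustomScriptSafe(GOOD_VALUE, ALLOWED_ORIGINS));
}
```

In a React component the same idea is to render `<script src={src} defer />` from the validated string, letting React escape the attribute, instead of handing the environment variable to dangerouslySetInnerHTML; if operators genuinely need inline snippets, the allowlist approach does not fit and a different control (for example a Content Security Policy that forbids inline script) has to carry the risk.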