CVE-2025-54597
Published: 27 July 2025
Summary
CVE-2025-54597 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Linuxserver Heimdall Application Dashboard. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 21.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
LinuxServer.io Heimdall versions before 2.7.3 contain a cross-site scripting vulnerability (CWE-79) that can be triggered via the q parameter. The flaw received a CVSS 3.1 score of 7.2 with the vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N, indicating a network-reachable issue without authentication requirements.
An unauthenticated remote attacker can supply crafted input through the q parameter to execute arbitrary scripts in the browsers of other users or sessions, with limited confidentiality and integrity impact; the scope is rated as changed because the injected script runs in the victim's browser rather than in the vulnerable component itself.
The referenced GitHub commit d1a96dd752ba30dc56380400dd2587d8abb8e9d1 and the v2.7.2-to-v2.7.3 diff document the corrective change, showing that updating to Heimdall 2.7.3 or later resolves the exposure. The associated EPSS values remain low, with a current score of 0.0112 and a peak of 0.0142.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22806
Vulnerability details
LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE-79) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Input validation rejects or constrains script-related content in web parameters that could produce XSS.
Output encoding or sanitization against the expected content of each HTML context neutralizes script content in generated web pages, reducing XSS exploitability.
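As an added illustration of the two controls listed above (this is example code written for this page, not Heimdall's own code, and it does not reproduce where or how Heimdall rendered the q parameter), the block below contrasts a weak pattern that interpolates a reflected query parameter straight into HTML with a hardened version that encodes the value for each output context (HTML text and a URL component), plus an allow-list input validator. The function names, the sample queries and the check helper are all constructed for the example.

```python
import html
import re
from urllib.parse import quote

# Constructed sample values for the "q" search parameter (not taken from the advisory).
BENIGN_QUERY = "plex server"
MARKUP_QUERY = "<script>alert(1)</script>"

# Allow-list for the parameter: letters, digits, whitespace and a little punctuation,
# bounded in length. This is the "input validation" control: anything else is rejected
# before it reaches the template. It is a defence in depth, not a substitute for encoding.
QUERY_PATTERN = re.compile(r"^[\w\s.\-]{1,100}$")


def is_wellformed_query(q: str) -> bool:
    """Return True when q matches the allow-list, False otherwise (example validator)."""
    return bool(QUERY_PATTERN.fullmatch(q))


def render_search_vulnerable(q: str) -> str:
    """Weak pattern: the raw parameter becomes part of the HTML, so markup in q is executed."""
    return f'<p>Results for: {q}</p><a href="/search?q={q}">Search again</a>'


def render_search_hardened(q: str) -> str:
    """Hardened pattern: encode q for the context it lands in.

    - In HTML text, html.escape() turns < > & " ' into entities.
    - Inside a URL, quote() percent-encodes the value so it cannot break out of the
      query string or the surrounding attribute.
    """
    in_html_text = html.escape(q, quote=True)
    in_url = quote(q, safe="")
    return (
        f"<p>Results for: {in_html_text}</p>"
        f'<a href="/search?q={in_url}">Search again</a>'
    )


def reflects_raw_markup(page: str, q: str) -> bool:
    """Check helper: True if q contained markup characters and appears verbatim in the page."""
    has_markup = any(c in q for c in "<>\"'")
    return has_markup and q in page


if __name__ == "__main__":
    for q in (BENIGN_QUERY, MARKUP_QUERY):
        print(f"valid={is_wellformed_query(q)!s:5} "
              f"vuln_reflects={reflects_raw_markup(render_search_vulnerable(q), q)!s:5} "
              f"hard_reflects={reflects_raw_markup(render_search_hardened(q), q)!s:5}  q={q!r}")
```

The check helper is deliberately simple; it only shows that the encoded page never contains the markup verbatim. In a real application the encoding should come from the templating engine's default escaping rather than hand-written calls, and the validator is a secondary control.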