Cyber Resilience

CVE-2025-54597

High

Published: 27 July 2025

Modified: 07 August 2025
KEV Added: not listed (see Summary)
Patch: fixed in 2.7.3 (see Deeper analysis)
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
EPSS Score: 0.0112 (78.6th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-54597 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Linuxserver Heimdall Application Dashboard. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 21.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

LinuxServer.io Heimdall versions before 2.7.3 contain a cross-site scripting vulnerability (CWE-79) that can be triggered via the q parameter. The flaw received a CVSS 3.1 score of 7.2 with the vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N: it is reachable over the network, requires neither privileges nor user interaction, and changes scope.

An unauthenticated remote attacker can supply crafted input through the q parameter to execute arbitrary scripts in the context of other users' browser sessions. The changed scope (S:C) reflects that the injected script runs in the victim's browser rather than in the Heimdall server itself; the confidentiality and integrity impacts are each rated Low (C:L/I:L), with no availability impact (A:N).

The referenced GitHub commit d1a96dd752ba30dc56380400dd2587d8abb8e9d1 and the v2.7.2-to-v2.7.3 diff document the corrective change, showing that updating to Heimdall 2.7.3 or later resolves the exposure. The associated EPSS values remain low, with a current score of 0.0112 and a peak of 0.0142.

EU & UK References

Vulnerability details

LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

CWE(s)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: linuxserver
Product: heimdall application dashboard
Versions: ≤ 2.7.3 (note that the vulnerability description and the fix commit above indicate that versions before 2.7.3 are affected and that 2.7.3 is the fixed release)

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-79: Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

- Addresses CWE-79: Input validation rejects web inputs containing script-related content that could produce XSS.

- Addresses CWE-79: Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
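To make the input-validation and output-encoding controls concrete, the following is an added example; it is not Heimdall's code and does not come from this advisory. It models a generic search page that reflects a q query parameter, renders it once with the vulnerable pattern (CWE-79) and once with HTML output encoding, and includes a small check that a test or response scanner can use to confirm the untrusted input is no longer reflected verbatim. The page layout, the function names, the length limit and the sample request are assumptions.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed example: a search page that reflects the "q" query parameter.
# This is not Heimdall's code; the layout, names and limits are assumed.

MAX_QUERY_LEN = 200  # assumed bound for a search term
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def q_from_query_string(qs: str) -> str:
    """Extract the first percent-decoded 'q' value from a raw query string."""
    params = parse_qs(qs, keep_blank_values=True)
    return params.get("q", [""])[0]


def validate_query(q: str) -> bool:
    """Defence in depth: bound the length and reject control characters.

    Validation does not replace output encoding: markup characters such as
    '<' are legitimate search input and must be neutralised at output time.
    """
    return len(q) <= MAX_QUERY_LEN and CONTROL_CHARS.search(q) is None


def render_search_page_unsafe(q: str) -> str:
    """Vulnerable pattern (CWE-79): untrusted input interpolated verbatim."""
    return f'<input name="q" value="{q}"><p>Results for {q}</p>'


def render_search_page_safe(q: str) -> str:
    """Hardened: encode for the HTML attribute and text contexts before
    interpolation. html.escape(quote=True) encodes & < > " and '."""
    safe = html.escape(q, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


def reflects_raw_markup(rendered: str, q: str) -> bool:
    """Check usable in a unit test or a response scanner: does the untrusted
    input appear verbatim in the output with its markup characters intact?"""
    has_markup = any(ch in q for ch in '<>"\'&')
    return has_markup and q in rendered


if __name__ == "__main__":
    # Constructed request carrying harmless markup in the search term.
    q = q_from_query_string("q=%3Cb%3Ehi%3C%2Fb%3E")
    print("valid input:", validate_query(q))
    print("unsafe render reflects raw markup:",
          reflects_raw_markup(render_search_page_unsafe(q), q))
    print("safe render reflects raw markup:",
          reflects_raw_markup(render_search_page_safe(q), q))
    print(render_search_page_safe(q))
```

The encoding step is the control that actually removes the exposure; the validation function only narrows the input space and is kept separate so that it cannot be mistaken for the fix. The `reflects_raw_markup` check is the kind of assertion a regression test for a reflected parameter would carry.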

References