CVE-2025-54057

Summary

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.

This issue affects Apache SkyWalking: <= 10.2.0.

Users are recommended to upgrade to version 10.3.0, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SkyWalking0 <= 10.2.0affected

Weaknesses

  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References