CVE-2025-8319

Summary

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter

Affected Software

VendorProductVersion RangeStatus
BarracudaBarracuda Message Archiver5.4.2.002 < 5.4.2.002affected

Weaknesses

  • CWE-79 Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References