CVE-2025-54597
BaseFortify
Publication date: 2025-07-27
Last updated on: 2025-08-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxserver | heimdall_application_dashboard | to 2.7.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue in LinuxServer.io Heimdall versions before 2.7.3. It occurs because the application did not properly sanitize the 'q' parameter used in search queries, allowing attackers to inject malicious scripts. The vulnerability was fixed by sanitizing user input with htmlspecialchars and escaping output in forms to prevent script injection. [1]
How can this vulnerability impact me? :
This XSS vulnerability can allow attackers to execute malicious scripts in the context of the user's browser when they interact with the vulnerable search functionality. This can lead to theft of user credentials, session hijacking, or unauthorized actions performed on behalf of the user, compromising the security and integrity of the application and its users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a cross-site scripting (XSS) issue in the Heimdall application via the 'q' parameter. Detection can involve monitoring HTTP requests to the Heimdall server for suspicious or malicious script content in the 'q' parameter. You can use web server logs or network traffic capture tools like tcpdump or Wireshark to filter requests containing the 'q' parameter. For example, using grep on web server logs: `grep 'q=' /path/to/access.log` to find requests with the parameter, then manually inspect for suspicious script tags or payloads. Additionally, using automated web vulnerability scanners that test for XSS in query parameters against the Heimdall instance can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Heimdall to version 2.7.3 or later, where the vulnerability is fixed by sanitizing and escaping the 'q' parameter and other user inputs to prevent XSS. If upgrading is not immediately possible, consider implementing web application firewall (WAF) rules to block or sanitize requests containing suspicious scripts in the 'q' parameter. Also, restrict access to the Heimdall application to trusted users or networks until the patch can be applied. [1]