CVE-2025-53838
BaseFortify
Publication date: 2025-09-08
Last updated on: 2025-10-06
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linkace | linkace | before 2.1.9 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53838 is a stored one-click Cross-Site Scripting (XSS) vulnerability in LinkAce versions prior to 2.1.9. It occurs because the application does not properly filter and escape user-supplied data inserted into link attributes. An attacker can inject arbitrary JavaScript code into a link, which is stored in the database. When a user clicks the malicious link, the injected script executes in the user's browser context without requiring any further interaction. This allows the attacker to perform actions such as stealing session tokens, conducting phishing attacks, or manipulating page content. [1]
How can this vulnerability impact me?
This vulnerability can lead to full JavaScript execution in the context of the affected user's browser. An attacker can steal session tokens, perform Cross-Site Request Forgery (CSRF), manipulate page content, and conduct phishing attacks. The impact is especially severe for users with elevated privileges or access to sensitive data, as it can compromise confidentiality and integrity of information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your LinkAce instance is running a version prior to 2.1.9 and by testing whether the application accepts and stores URLs with JavaScript schemes (e.g., `javascript:alert(1)`). A practical detection method is to attempt updating or creating a link with a URL containing JavaScript code and observing if it is accepted and executed when clicked. For example, you can use a curl command to send a POST request to update a link with a malicious URL payload and check the response for acceptance or validation errors. Example command:

```
curl -X POST -d 'url=javascript:alert(1)' https://your-linkace-instance/links/{link_id}/update -H 'Authorization: Bearer <token>' -v
```

If the request is accepted and the link executes JavaScript when clicked, the vulnerability exists. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade LinkAce to version 2.1.9 or later, where the vulnerability is fixed by enforcing strict URL validation that rejects non-URL values such as JavaScript schemes. Additionally, ensure that your instance validates and sanitizes user-supplied URLs to prevent malicious JavaScript injection. If upgrading immediately is not possible, consider implementing strict input validation on URLs and restricting user permissions to limit exposure. [1, 2]
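The strict URL validation and output escaping described above, as an added example that is not LinkAce's code and not taken from the advisory: it parses the value with the WHATWG URL parser (Node.js), allows only `http:` and `https:`, and escapes what it renders. The function names, the length limit and the sample inputs are assumptions made for this sketch.

```javascript
// Added example. Function names are hypothetical; this is not LinkAce code.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Validate a user-supplied link target with the WHATWG URL parser, which
// normalises the scheme the way a browser does before following an href.
function validateLinkUrl(input) {
  // 2048 is an assumed upper bound, not a value from the advisory.
  if (typeof input !== "string" || input.length > 2048) {
    return { ok: false, reason: "not a string or too long" };
  }
  let parsed;
  try {
    parsed = new URL(input); // no base URL: relative values are rejected
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // Return the normalised form so the stored value is the validated value.
  return { ok: true, url: parsed.href };
}

// Escape a string for an HTML attribute or text context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Render a link; values that fail validation become plain text.
function renderLink(input, label) {
  const res = validateLinkUrl(input);
  if (!res.ok) return `<span>${escapeHtml(label)}</span>`;
  return `<a href="${escapeHtml(res.url)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

// Constructed sample inputs (the second is the value quoted on this page).
const SAMPLES = [
  "https://example.com/docs?q=1",
  "javascript:alert(1)",
  "  JaVaScRiPt:alert(1)",
  "data:text/html,<b>x</b>",
  "/relative/path",
];

function checkSamples() {
  return SAMPLES.map((s) => validateLinkUrl(s).ok);
}

for (const s of SAMPLES) console.log(JSON.stringify(s), validateLinkUrl(s));
```

Checking the parsed scheme against an allowlist, instead of matching a string prefix against a blocklist, is what lets the mixed-case and whitespace-padded samples fail the same way as the plain one.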