CVE-2025-11360
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2025-10-08

Assigner: VulDB

Description
A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to version 1.13.2 is sufficient to resolve this issue. The patch is identified as e11de9dd6b4ea6b7ec9a5607a920d48961e9fa50. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11360
EUVD
EUVD-2025-32104
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
jakowenko double-take 1.13.2
jakowenko double-take 1.13.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the jakowenko double-take software up to version 1.13.1, specifically in the app.use function of the API component. It involves the manipulation of the X-Ingress-Path argument, which can lead to a cross-site scripting (XSS) attack. This means an attacker can remotely inject malicious scripts into the application, potentially affecting users who interact with it. The issue is fixed by upgrading to version 1.13.2.

Impact Analysis

The vulnerability allows remote attackers to perform cross-site scripting (XSS) attacks by manipulating the X-Ingress-Path argument. This can lead to the execution of malicious scripts in the context of users' browsers, potentially resulting in unauthorized actions, session hijacking, or other malicious activities. It impacts the integrity of the application and the security of its users.

Mitigation Strategies

Upgrade the affected jakowenko double-take component to version 1.13.2, as this version contains the patch that resolves the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11360. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart