CVE-2025-32785
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2025-12-18

Assigner: GitHub, Inc.

Description
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section. An authenticated user can inject malicious JavaScript by adding a payload to the Address field when creating or editing a list entry. The vulnerability is triggered when another user navigates to the Tools section and performs a gravity database update. The Address field does not properly sanitize input, allowing special characters and script tags to bypass validation. This has been patched in version 6.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-32785
EUVD
EUVD-2025-36328
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pi-hole web_interface to 6.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site scripting (XSS) issue in the Pi-hole Admin Interface versions prior to 6.3. An authenticated user can inject malicious JavaScript code into the Address field in the Subscribed Lists group management section. The injected script is executed when another user navigates to the Tools section and performs a gravity database update. The root cause is that the Address field does not properly sanitize input, allowing special characters and script tags to bypass validation. This vulnerability has been fixed in version 6.3.

Impact Analysis

This vulnerability can allow an authenticated user to execute malicious JavaScript in the context of another user's browser session. This could lead to unauthorized actions, data theft, or session hijacking within the Pi-hole Admin Interface. The impact depends on the privileges of the affected users and the nature of the injected script.

Mitigation Strategies

Upgrade the Pi-hole Admin Interface to version 6.3 or later, as this version contains the patch that fixes the cross-site scripting vulnerability in the Address field of the Subscribed Lists group management section. Additionally, restrict authenticated user access to trusted individuals to minimize risk until the upgrade is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-32785. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart