CVE-2025-65465
Status: Received - Intake
Reflected XSS in Skrol29 TbsZip 2.17 Allows Script Execution

Publication date: 2026-03-02

Last updated on: 2026-03-02

Assigner: MITRE

Description
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error message is not properly sanitized before being output to the user. This vulnerability is fixed in version 2.18.
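The following PHP script is an added illustrative example, not TbsZip's own code. It models the data flow the description names: a FileRead-style lookup fails, the requested entry name is embedded in the error text, and a RaiseError-style function writes that text into HTML. The vulnerable variant concatenates raw; the fixed variant escapes for the HTML context, which is the class of change 2.18 makes. Function names and message wording are illustrative, and the script assumes PHP 8.

```php
<?php
// Added illustrative example, not TbsZip's own code: it models the data flow the
// advisory describes (an error message that embeds a caller-supplied entry name is
// written into HTML without escaping) and the fix (escape on output). Requires PHP 8.
declare(strict_types=1);

// Models RaiseError in 2.17 and earlier: the message is concatenated raw into HTML.
function raiseErrorVulnerable(string $msg): string
{
    return '<strong>ERROR with the zip archive:</strong> ' . $msg . '<br>';
}

// Models the 2.18-style fix: the message is HTML-escaped for the context it is emitted in.
function raiseErrorFixed(string $msg): string
{
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<strong>ERROR with the zip archive:</strong> ' . $safe . '<br>';
}

// Stand-in for FileRead() failing on an unknown entry: the requested name is passed
// straight into the error text, which is the sink the advisory names.
function fileReadMissing(string $name, callable $raiseError): string
{
    return $raiseError('File "' . $name . '" not found in the archive.');
}

// Constructed attacker-controlled value, e.g. the ?file= parameter of a request.
$payload = '<script>alert(document.cookie)</script>';

$vulnPage  = fileReadMissing($payload, 'raiseErrorVulnerable');
$fixedPage = fileReadMissing($payload, 'raiseErrorFixed');

// The vulnerable output still carries a live <script> element; the fixed output
// carries only inert text (&lt;script&gt;...), which a browser displays rather than runs.
var_dump(str_contains($vulnPage, '<script>'));
var_dump(str_contains($fixedPage, '<script>'));
echo $fixedPage, PHP_EOL;
```

The point of the fixed variant is that escaping happens at the output sink, not on the input: the entry name may legitimately contain characters such as quotes, so the library keeps the value intact for its own lookups and neutralises it only where it becomes HTML.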
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-02
EPSS evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
skrol29 tbszip to 2.18 (exc)
skrol29 tbszip 2.18
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-65465 is a reflected cross-site scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip 2.17 and earlier. The error message that RaiseError builds includes caller-supplied data, specifically the filename passed to functions such as FileRead, and that data is not HTML-escaped before the message is output.

When an attacker controls the filename (for example because the application passes a request parameter to FileRead) and triggers an error, such as by naming an entry that does not exist in the archive, the crafted value is reflected into the error message. A browser that renders that output executes the injected script or HTML within the origin of the vulnerable application.

TbsZip is a library, so the issue is only reachable through an application that feeds untrusted input into it and sends the library's error output to a web page. Version 2.18 fixes the issue by escaping the error message before it is output. [2, 3]


How can this vulnerability impact me?

A reflected XSS lets an attacker who can get a user to open a crafted URL run script in that user's browser within the vulnerable application's origin. Possible consequences:

- Theft of cookies, session tokens or other credentials that are exposed to script.
- Requests made with the user's session, including state-changing actions, without the user's consent.
- Defacement or manipulation of the web interface.
- Delivery of malware or phishing content through injected script or HTML.

The exposure is bounded by how the application uses TbsZip: the attack needs an endpoint that passes a request-controlled filename to the library and renders the resulting error in an HTML response. [2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There is no network signature for this issue: TbsZip is a PHP library, so it is only reachable through an application that passes request data into it. Two checks apply.

Inventory: locate copies of the library in the codebase (typically a file named tbszip.php) and read the version string in its header; any copy at 2.17 or earlier is affected until replaced by 2.18 or later.

Dynamic test: against an endpoint that hands a request parameter to FileRead, send a request whose filename parameter carries a marker such as a script element and inspect the response. The endpoint below (xss.php with zip and file parameters) is a placeholder for whatever the application actually exposes; -G with --data-urlencode ensures the payload is sent correctly URL-encoded rather than relying on the server to accept raw angle brackets in the query string:

curl -i -G "http://[your-server]/xss.php" --data-urlencode "zip=test.zip" --data-urlencode "file=<script>alert('XSS')</script>"

If the response body contains the marker verbatim (not escaped as &lt;script&gt;) inside an HTML error message, the error path reflects input unsanitized and the instance is vulnerable to CVE-2025-65465. [2]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to upgrade Skrol29 TbsZip to version 2.18 or later, where the error messages built by the RaiseError function are escaped before being output.

Until the upgrade can be applied, do not pass untrusted input as the filename to FileRead or the other archive functions without validating it first, and make sure the library's error output is never written straight into an HTML response: capture it and log it instead of rendering it.
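The script below is an added example of the interim, application-side mitigation; it is not code from TbsZip. It assumes TbsZip's public method names FileExists() and FileRead() (verify them against the bundled tbszip.php; in real use the archive is opened and closed around the call) and substitutes a small stub with those methods so the script runs without the library. The stub reproduces the 2.17-style behaviour the advisory describes: on a missing entry it echoes an error containing the raw name and returns false.

```php
<?php
// Added example of an interim application-side mitigation; not TbsZip's own code.
// Assumes TbsZip's method names FileExists() and FileRead() and stands a stub in
// for the real clsTbsZip so the script runs offline. Requires PHP 8.
declare(strict_types=1);

// Stub mimicking the vulnerable 2.17 behaviour: a missing entry makes FileRead()
// echo an error that embeds the raw name, then return false.
final class StubZip
{
    /** @var array<string,string> constructed archive contents */
    private array $entries = ['word/document.xml' => '<w:document/>'];

    public function FileExists(string $name): bool
    {
        return isset($this->entries[$name]);
    }

    public function FileRead(string $name): string|false
    {
        if (!isset($this->entries[$name])) {
            echo '<strong>ERROR:</strong> File "' . $name . '" is not found.<br>';
            return false;
        }
        return $this->entries[$name];
    }
}

// Entry names legitimate callers use: slash-separated segments of safe characters only.
const SAFE_ENTRY_NAME = '~^(?:[A-Za-z0-9._-]+/)*[A-Za-z0-9._-]+$~';

/**
 * Reads an archive entry without letting the library's error text reach the response.
 * Returns the entry contents, or null when the name is rejected or the entry is absent;
 * $diag receives a short reason suitable for logging.
 */
function readEntrySafely(object $zip, string $name, ?string &$diag = null): ?string
{
    // 1. Reject names that could never be a real entry before they reach the library.
    if (!preg_match(SAFE_ENTRY_NAME, $name)) {
        $diag = 'rejected by allowlist';
        return null;
    }
    // 2. Ask first instead of relying on FileRead() to fail and report.
    if (!$zip->FileExists($name)) {
        $diag = 'no such entry';
        return null;
    }
    // 3. Defence in depth: capture anything the library echoes so a stray error
    //    message is logged (escaped) rather than written into the page.
    ob_start();
    $data = $zip->FileRead($name);
    $noise = ob_get_clean();
    if ($noise !== '') {
        $diag = 'library output suppressed: ' . htmlspecialchars($noise, ENT_QUOTES, 'UTF-8');
    }
    return $data === false ? null : $data;
}

$zip = new StubZip();
$attacker = '<script>alert(1)</script>';   // constructed hostile ?file= value

var_dump(readEntrySafely($zip, 'word/document.xml', $diag), $diag);  // legitimate entry
var_dump(readEntrySafely($zip, $attacker, $diag), $diag);            // blocked at step 1
var_dump(readEntrySafely($zip, 'missing.xml', $diag), $diag);        // blocked at step 2
```

Steps 1 and 2 keep hostile names from ever reaching the error path, and step 3 guarantees that even if a future code path does raise an error, the page is built from the function's return value rather than from whatever the library printed. The allowlist is deliberately narrow; widen it only to the characters the application's real archives use.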

