- Description
- RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack in which modifying a virtual host name on disk and then making that virtual host unrecoverable (together with other on-disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions display an error message (a notification) in the management UI. The error message includes the virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3 and 3.13.8. An attack that both makes a virtual host fail to start and either creates a new virtual host whose name contains an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.
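As an added example (not code from RabbitMQ's management UI), the rendering pattern the advisory describes, a failed-vhost notification that interpolates the name straight into HTML, is shown next to an escaped version; the vhost name is a constructed sample and `probe()` is a placeholder, not a real call.

```javascript
// Constructed sample input: a virtual host name that carries markup, as the
// advisory describes (an attacker-controlled name read back from disk).
const SAMPLE_VHOST_NAME = 'orders<script>probe()</script>';

// Escape the five characters that change meaning in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (CWE-79): the untrusted name is concatenated into markup,
// so any tags it contains become live DOM once the notification is inserted.
function renderNotificationUnsafe(vhostName) {
  return `<div class="notification">Virtual host '${vhostName}' failed to start</div>`;
}

// Hardened pattern: every untrusted value is escaped at the point of output.
// In a browser, setting element.textContent instead of building HTML strings
// achieves the same result without a hand-written escaper.
function renderNotificationSafe(vhostName) {
  return `<div class="notification">Virtual host '${escapeHtml(vhostName)}' failed to start</div>`;
}

// Quick check used by a reviewer or test: does the rendered output still
// contain the raw tag from the input, i.e. did the escaping step get skipped?
function leaksMarkup(render, vhostName) {
  return render(vhostName).includes('<script>');
}
```

Running `leaksMarkup(renderNotificationUnsafe, SAMPLE_VHOST_NAME)` returns true and the safe variant returns false, which is the behavioural difference the 4.0.3 fix introduces.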
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 4.7
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
- Severity
- MEDIUM
- Weakness
- CWE-79 (source: security-advisories@github.com)
- Hype score
- Not currently trending
🚨 CVE-2025-30219: RabbitMQ XSS fix for #SUSE Linux (CVSS 6.1). Patch via zypper/YaST. Details:👇https://t.co/5U48IArFDy #LinuxSecurity https://t.co/GgrDtBkGv0
@Cezar_H_Linux
12 Jun 2025
⚠️ CVE-2025-30219 Alert! RabbitMQ 3.13 on SUSE/openSUSE has an XSS flaw (CVSS 6.1). Read more: 👇 https://t.co/APXdqSbVVD #InfoSec #SRE https://t.co/faZVBE8ARe
@Cezar_H_Linux
14 May 2025
VMware Security: the Tanzu vulnerability CVE-2025-30219 can lead to arbitrary JavaScript code execution. Three security bulletins, updates of 28 and 29 April 2025. https://t.co/kLOoSjYlBi
@NicolasCoolman
4 May 2025
CVE-2025-30219 RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then ma… https://t.co/qDjFxhcscJ
@CVEnew
25 Mar 2025