AI description
CVE-2025-5138 is a vulnerability found in Bitwarden versions up to 2.25.1. It affects the PDF File Handler component, where manipulation leads to a cross-site scripting (XSS) vulnerability. The attack can be launched remotely, and the exploit has been publicly disclosed. The vendor was notified about the vulnerability but reportedly did not respond.
- Description: A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source: cna@vuldb.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 5.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
CVSS 3.1
- Type: Primary
- Base score: 3.5
- Impact score: 1.4
- Exploitability score: 2.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- Severity: LOW
CVSS 2.0
- Type: Secondary
- Base score: 4
- Impact score: 2.9
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N
- Weakness: CWE-79 (source: cna@vuldb.com)
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 37
It was also covered by ITmedia. To repeat: it is doubtful whether Bitwarden's CVE-2025-5138 is a valid vulnerability. XSS inside a PDF basically does not work as XSS. The reporter's PoC merely calls the alert function inside the PDF, and in practice…
@Satoooon1024
28 May 2025
23513 Impressions
56 Retweets
121 Likes
32 Bookmarks
1 Reply
3 Quotes
1/2🚨CVE-2025-5138: PDF XSS vulnerability in file upload function of Bitwarden PoC: https://t.co/Ni7WcBR0UM https://t.co/evkIlkMO7N
@DarkWebInformer
27 May 2025
5232 Impressions
7 Retweets
31 Likes
5 Bookmarks
1 Reply
0 Quotes
⚡️The vulnerability details are now available: https://t.co/dAhxSh67sn 🚨🚨CVE-2025-5138: Bitwarden PDF XSS Vulnerability A critical DOM-based XSS flaw in Bitwarden lets attackers embed malicious JavaScript in PDFs opened via the interface. This could compromise session
@zoomeye_team
27 May 2025
1196 Impressions
7 Retweets
13 Likes
5 Bookmarks
0 Replies
1 Quote
🚨Alert🚨 CVE-2025-5138:PDF XSS Vulnerability in File Upload Function of Bitwarden 🔥PoC :https://t.co/f7qxZEX6FE 📊 218K+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/Ffn9c0NUFf 👇Query HUNTER : https://t.co/q9rtuGfZuz="Bitwarde
@HunterMapping
27 May 2025
3759 Impressions
30 Retweets
76 Likes
41 Bookmarks
0 Replies
0 Quotes
🔒 Bitwarden's CVE-2025-5138 vulnerability reminds us that even the best password vaults can have cracks! Stay alert and patch up those digital defenses! #CyberSecurity #Bitwarden #PasswordProtection https://t.co/P1f1hxe5wK
@windowsforum
26 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5138 https://t.co/YhN9ES193A Even after reading it I don't really get it. What does the affected-version statement "A vulnerability was found in Bitwarden up to 2.25.1." mean? Bitwarden's version format is date-based, like 2025.5.0 https://t.co/FTl2seuOZI so which ones are aff…
@piwahup
26 May 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious XSS vulnerability (CVE-2025-5138) has been discovered in the popular password management service Bitwarden. It makes cross-site scripting attacks possible via a malicious PDF file.
@yousukezan
26 May 2025
8628 Impressions
27 Retweets
62 Likes
28 Bookmarks
0 Replies
3 Quotes
A cross-site scripting vulnerability in the password manager Bitwarden. With CVE-2025-5138, a crafted PDF file with embedded JavaScript can be uploaded, and when it is accessed from the web in Chrome, Bitwarden's domain…
@__kokumoto
26 May 2025
9625 Impressions
72 Retweets
101 Likes
31 Bookmarks
0 Replies
5 Quotes
CVE-2025-5138 A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PD… https://t.co/OHbHmu7JeN
@CVEnew
25 May 2025
495 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5138 Cross-Site Scripting in Bitwarden PDF File Handler Before 2.25.1 https://t.co/VBvzMqZ0xj
@VulmonFeeds
25 May 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes