AI description
CVE-2025-54057 is a stored cross-site scripting (XSS) vulnerability found in Apache SkyWalking versions up to and including 10.2.0. It stems from the improper neutralization of script-related HTML tags in a web page. This allows attackers to inject malicious code directly into the application, which is then stored and executed when other users access the affected page. The injected scripts run within users' browsers with the same privileges as legitimate application code. By exploiting this flaw, attackers could steal sensitive information like login credentials, session tokens, and personal data. They could also impersonate legitimate users, gain unauthorized access to accounts, and potentially compromise the entire application and its underlying data infrastructure. Version 10.3.0 addresses the vulnerability.
- Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue.
- Source: security@apache.org
- NVD status: Analyzed
- Products: skywalking
CVSS 3.1
- Type: Secondary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- security@apache.org: CWE-80
- Hype score: Not currently trending
Security Alert: Apache SkyWalking Stored XSS Vulnerability (CVE-2025-54057) https://t.co/QdOhf9PxPd
@CrowdCyber_Com
30 Nov 2025
⚠️⚠️ CVE-2025-54057: Apache SkyWalking Stored XSS Vulnerability 🔗FOFA Link: https://t.co/EXwSf85yd5 🎯2.6k+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="APACHE-Skywalking" 🔖Refer: https://t.co/VBKO3N1q5g #OSINT #FOFA #CyberSecurit
@fofabot
27 Nov 2025
CVE-2025-54057 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. U… https://t.co/75AIZP9HYg
@CVEnew
27 Nov 2025
⚠️ CVE-2025-54057 🖥️ Apache SkyWalking stored XSS vulnerability 💬 allows attackers to inject malicious JavaScript into SkyWalking UI fields, leading to persistent XSS, session hijacking, and unauthorized actions when admins view compromised pages. 🔗 https://t.co/p
@ransomnews
27 Nov 2025
CVE-2025-54057 CVE-2025-54057 https://t.co/EQHl3NoLNg
@VulmonFeeds
27 Nov 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:skywalking:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "802C6A2F-36AC-40A6-AE35-9BD58BFC462A",
            "versionEndExcluding": "10.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]