Cross-Site Scripting in PingFederate Administrative Console by Ping Identity
CVE-2024-25573

6.9MEDIUM

Key Information:

Vendor: Ping Identity
Status: Pingfederate
Vendor: CVE Published:; 15 June 2025

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2024-25573?

A vulnerability exists in the PingFederate Administrative Console where unsanitized user-supplied data can lead to the execution of JavaScript code during user interactions. This security flaw could potentially compromise user data integrity and facilitate unauthorized actions, making it crucial for administrators to apply the latest patches and updates to protect their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PingFederate Windows 12.1.0 <= 12.1.4

PingFederate Windows 12.0.0 <= 12.0.6

PingFederate Windows 11.3.0 <= 11.3.9

References

https://docs.pingidentity.com/pingfederate/12.1/release_n...

release-notes

https://www.pingidentity.com/en/resources/downloads/pingf...

patch

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jun 15, 2025
Vulnerability Reserved
Feb 29, 2024

JSON

Ping Identity