Cross-Site Scripting in PingFederate Administrative Console by Ping Identity
CVE-2024-25573

6.9MEDIUM

Key Information:

Vendor: Ping Identity
Status: Pingfederate
Vendor: CVE Published:; 15 June 2025

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2024-25573?

A vulnerability exists in the PingFederate Administrative Console where unsanitized user-supplied data can lead to the execution of JavaScript code during user interactions. This security flaw could potentially compromise user data integrity and facilitate unauthorized actions, making it crucial for administrators to apply the latest patches and updates to protect their systems.

Affected Version(s)

PingFederate Windows 12.1.0 <= 12.1.4

PingFederate Windows 12.0.0 <= 12.0.6

PingFederate Windows 11.3.0 <= 11.3.9

References

https://docs.pingidentity.com/pingfederate/12.1/release_n...

release-notes

https://www.pingidentity.com/en/resources/downloads/pingf...

patch

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2025
Vulnerability Reserved
Feb 29, 2024