Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG
CVE-2025-11147

5.1MEDIUM

Key Information:

Vendor

Apt-cacher-ng

Status
Apt-cacher-ng
Vendor
CVE Published:
29 September 2025

What is CVE-2025-11147?

Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts (XSS) to be executed in “/html/.html”.

Affected Version(s)

Apt-Cacher-NG 3.2.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pablo Lago RomanĂ­
JSON
.
CVE-2025-11147 : Reflected Cross-Site Scripting in Apt-Cacher-NG by Aptitude