Cross-Site Scripting Vulnerability in Jastow by Red Hat
CVE-2025-12799

6.5MEDIUM

What is CVE-2025-12799?

A vulnerability exists in Jastow that exposes systems to Cross-Site Scripting (XSS) attacks. This flaw arises when a specific configuration allows unescaped characters within URLs when integrated with Undertow and Jastow. When this configuration is mismanaged, it can lead to improper handling of input data, opening the door for attackers to inject malicious scripts, potentially compromising the integrity and confidentiality of the server.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.