Cross-site Scripting Vulnerability in Payara Platform Payara Server
CVE-2025-1534

6.8MEDIUM

Key Information:

Vendor: Payara Platform
Status: Payara Server
Vendor: CVE Published:; 1 April 2025

🔔 Create Payara Platform Vulnerability Alert

What is CVE-2025-1534?

The Payara Platform's Payara Server has a vulnerability that allows for improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS). This vulnerability enables remote attackers to execute arbitrary codes on the server, posing significant risks to web application security. It is crucial for users of Payara Server versions up to 4.1.2.191.51, 5.68.0, 6.23.0, and 6.2025.2 to update their systems to prevent potential exploitation and enhance security measures.

Affected Version(s)

Payara Server 4.1.2.1919.1 < 4.1.2.191.51

Payara Server 5.20.0 < 5.68.0

Payara Server 6.0.0 < 6.23.0

References

https://docs.payara.fish/enterprise/docs/Release%20Notes/...

release-notes

https://docs.payara.fish/community/docs/6.2025.3/Release%...

release-notes

https://www.gruppotim.it/it/footer/red-team.html

media-coverage

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Marco Ventura

Claudia Bartolini

Massimiliano Brolli