Cross-site Scripting Vulnerability in Payara Platform Payara Server
CVE-2025-1534

6.8MEDIUM

Key Information:

Vendor

Payara Platform

Status
Payara Server
Vendor
CVE Published:
1 April 2025

What is CVE-2025-1534?

The Payara Platform's Payara Server has a vulnerability that allows for improper neutralization of input during web page generation, leading to Cross-site Scripting (XSS). This vulnerability enables remote attackers to execute arbitrary codes on the server, posing significant risks to web application security. It is crucial for users of Payara Server versions up to 4.1.2.191.51, 5.68.0, 6.23.0, and 6.2025.2 to update their systems to prevent potential exploitation and enhance security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Payara Server 4.1.2.1919.1 < 4.1.2.191.51

Payara Server 5.20.0 < 5.68.0

Payara Server 6.0.0 < 6.23.0

References

https://docs.payara.fish/enterprise/docs/Release%20Notes/...
release-notes
https://docs.payara.fish/community/docs/6.2025.3/Release%...
release-notes
https://www.gruppotim.it/it/footer/red-team.html
media-coverage

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Ventura
Claudia Bartolini
Massimiliano Brolli
JSON
.