Reflected Cross-Site Scripting Vulnerability in Revive Adserver by Revive
CVE-2025-27208

6.3 MEDIUM

Key Information:

Vendor: Revive

CVE Published: 30 October 2025

What is CVE-2025-27208?

A reflected Cross-Site Scripting (XSS) vulnerability has been found in Revive Adserver version 5.5.2. An attacker can craft a URL that executes malicious JavaScript in the browser of a user who accesses the admin interface. The vulnerable input is the compact parameter of the admin-search.php file, and the injected script can perform unauthorized actions without accessing session cookies. Users should exercise caution and verify the integrity of URLs before interacting with them.

Affected Version(s)

Revive Adserver 5.5.2

Revive Adserver 6.0.0

CVSS V3.0

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
