Open Source IDE Vulnerability in Bruno Affects API Testing
CVE-2025-30210

8.7 HIGH

Key Information:

Vendor: Usebruno
Status: Vendor
CVE Published: 1 April 2025

What is CVE-2025-30210?

The Bruno IDE, used for exploring and testing APIs, has a vulnerability that allows cross-site scripting (XSS). In versions before 1.39.1, the custom tooltip components leverage react-tooltip, which renders tooltip content as raw HTML, injecting it into the DOM when the user hovers. This is particularly concerning when users import collections from untrusted sources, because markup embedded in such a collection can execute script inside the IDE and lead to unauthorized actions. The exploit requires user interaction, specifically hovering over the Environment name after opening a compromised collection. Users are advised to upgrade to version 1.39.1 or later to mitigate this risk.
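To make the flaw concrete, here is an added example (not Bruno's or react-tooltip's code): an environment name taken from an imported collection is interpolated into tooltip markup as raw HTML, shown beside the escaped rendering and an import-time check that flags names carrying markup. The collection object is constructed for the demo and only approximates Bruno's export format; the function names and the review check are assumptions, not Bruno features.

```javascript
// Added example (not Bruno's or react-tooltip's code). The collection below
// is constructed for the demo and only approximates Bruno's export format.
const importedCollection = {
  name: "constructed-demo-collection",
  environments: [
    { name: "Staging", variables: [] },
    // constructed hostile environment name: markup a hover must never execute
    { name: '<img src=x onerror="alert(1)">Prod', variables: [] },
  ],
};

// Vulnerable pattern: the name is interpolated into the tooltip's HTML, so any
// tags it carries become live DOM the moment the tooltip renders on hover.
function unsafeTooltipHtml(envName) {
  return `<span class="env-tooltip">${envName}</span>`;
}

// Hardened pattern: escape the HTML-significant characters so the name is
// displayed as text. Passing it through a text-only tooltip prop is equivalent.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}
function safeTooltipHtml(envName) {
  return `<span class="env-tooltip">${escapeHtml(envName)}</span>`;
}

// Import-time review aid (assumed, not a Bruno feature): a display name has no
// business containing angle brackets or a javascript: scheme, so flag those
// before an untrusted collection is opened in the IDE.
const MARKUP_RE = /[<>]|javascript:/i;
function suspiciousEnvironmentNames(collection) {
  return (collection.environments || [])
    .filter((env) => MARKUP_RE.test(env.name))
    .map((env) => env.name);
}

// Renders every environment name both ways and lists the flagged ones.
function demo() {
  return {
    flagged: suspiciousEnvironmentNames(importedCollection),
    unsafe: importedCollection.environments.map((e) => unsafeTooltipHtml(e.name)),
    safe: importedCollection.environments.map((e) => safeTooltipHtml(e.name)),
  };
}
```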

Affected Version(s)

bruno >= 1.38.0, < 1.39.1

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved