Cross-Site Scripting Flaw in NightWolf Penetration Testing Platform
CVE-2025-31165

6.9MEDIUM

Key Information:

Vendor: Fpt Software
Status: Nightwolf Penetration Platform
Vendor: CVE Published:; 27 March 2025

🔔 Create Fpt Software Vulnerability Alert

What is CVE-2025-31165?

A Cross-Site Scripting (XSS) vulnerability exists in the Logbug module of NightWolf Penetration Testing Platform 1.2.2, which allows attackers to inject and execute malicious JavaScript code via the markdown editor feature. This could lead to unauthorized actions or data exposure for users interacting with the affected application.

Affected Version(s)

NightWolf Penetration Platform 1.2.2

NightWolf Penetration Platform 1.2.3

References

https://bug.report.night-wolf.io/changelogs

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025

CVE-2025-31165 Data

JSON