Cross-Site Scripting Vulnerability in Best Practical RT (Request Tracker)
CVE-2025-31500

6.1MEDIUM

Key Information:

Vendor: Bestpractical
Status: Rt
Vendor: CVE Published:; 28 May 2025

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2025-31500?

The vulnerability in Request Tracker versions 5.0 through 5.0.7 allows attackers to execute JavaScript code through malicious asset names. This could lead to unauthorized actions or expose sensitive user data. Users are advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

RT 5.0.0 < 5.0.8

References

https://docs.bestpractical.com/release-notes/rt/index.html

https://docs.bestpractical.com/release-notes/rt/5.0.8

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Mar 28, 2025

CVE-2025-31500 Data

JSON