XSS Vulnerability in Pi-hole Admin Interface by Pi-hole

CVE-2025-32785

What is CVE-2025-32785?

The Pi-hole Admin Interface, essential for managing the Pi-hole ad-blocking application, is susceptible to a cross-site scripting (XSS) vulnerability. This issue arises in versions prior to 6.3, specifically in the Address field within the Subscribed Lists group management. An authenticated user can exploit this weakness by injecting malicious JavaScript through a crafted payload while creating or editing list entries. When another user accesses the Tools section and triggers a gravity database update, the inserted JavaScript executes, due to inadequate input sanitization in the Address field. This vulnerability emphasizes the critical importance of implementing robust validation measures to prevent unsanitized input from potentially compromising user accounts. Users are advised to update to version 6.3 or later to remediate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References