Reflected XSS Vulnerability in Revive Adserver by Revive Adserver LLC
CVE-2025-48987

6.3MEDIUM

Key Information:

Vendor: Revive
Status: Revive Adserver
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-48987?

An improper neutralization of input vulnerability in Revive Adserver versions 5.5.2 and 6.0.1, as well as earlier releases, may allow attackers to execute reflected cross-site scripting (XSS) attacks. This can lead to unauthorized actions being performed by users who unknowingly interact with maliciously crafted URLs. Securing input sanitization is crucial to mitigating these risks and ensuring the integrity of user interactions.

Affected Version(s)

Revive Adserver 6 <= 6.0.1

Revive Adserver 5 <= 5.5.2

Revive Adserver 6.0.2

References

https://hackerone.com/reports/3399191

CVSS V3.0

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
May 29, 2025

JSON