Cross-Site Scripting Vulnerability in Znuny ITSM by Znuny
CVE-2025-52204

6.1MEDIUM

Key Information:

Vendor: Znuny
Status: Znuny ITSM
Vendor: CVE Published:; 23 March 2026

What is CVE-2025-52204?

A Cross-Site Scripting (XSS) vulnerability has been identified in Znuny ITSM version 6.5.x, specifically impacting the customer.pl endpoint through the OTRSCustomerInterface parameter. This security flaw allows malicious actors to inject arbitrary scripts, which can result in unauthorized access to sensitive data and user sessions. Organizations using this version of Znuny ITSM should take immediate steps to mitigate the risk associated with this vulnerability.

References

http://znuny.com

http://znunyitsm.com

https://github.com/j0qq3r/CVE-2025-52204

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2026
Vulnerability Reserved
Jun 16, 2025

CVE-2025-52204 Data

JSON