Cross-Site Scripting Vulnerability in Chat Rooms of ChatLuck Product
CVE-2025-53858

4.8MEDIUM

Key Information:

Vendor: Neojapan Inc.
Status: Chatluck
Vendor: CVE Published:; 16 October 2025

🔔 Create Neojapan Inc. Vulnerability Alert

What is CVE-2025-53858?

ChatLuck is impacted by a cross-site scripting vulnerability located in its chat rooms feature. When users access compromised chat rooms, unauthorized scripts may be executed within their web browsers, potentially leading to data theft, account compromise, or other malicious activities initiated by an attacker. This vulnerability underscores the importance of thorough input validation and security practices within web applications to safeguard user interactions.

Affected Version(s)

ChatLuck V6.6 R2.0 and earlier

References

https://www.chatluck.com/support/package/mainte/pchatluck...

https://jvn.jp/en/jp/JVN13030751/

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Sep 2, 2025

JSON