Cross Site Scripting Vulnerability in Mist Community Edition
CVE-2025-5411

5.1MEDIUM

Key Information:

Vendor

Mist

Status
Community Edition
Vendor
CVE Published:
1 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-5411?

A vulnerability exists in Mist Community Edition versions up to 4.7.1, where an issue in the tag_resources function of src/mist/api/tag/views.py allows for cross site scripting. Attackers can manipulate the tag argument, leading to potential remote exploitation. It is crucial for users to upgrade to version 4.7.2, which includes a patch addressing this vulnerability (commit db10ecb62ac832c1ed4924556d167efb9bc07fad).

Affected Version(s)

Community Edition 4.7.0

Community Edition 4.7.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-5411 - Proof of Concept

References

https://vuldb.com/?id.310751
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310751
signaturepermissions-required
https://vuldb.com/?submit.583533
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Perrakis
Efstratios Chatzoglou
Georgios Kambourakis
alexperrakis (VulDB User)
.