Cross-Site Scripting Vulnerability in Heimdall by LinuxServer.io
CVE-2025-54597
7.2 HIGH
What is CVE-2025-54597?
Heimdall before version 2.7.3 is vulnerable to Cross-Site Scripting (XSS) through the 'q' parameter. An attacker could use this to have malicious scripts executed in the context of a user's browser when the user accesses affected functions. Users should upgrade to version 2.7.3 or later to mitigate this risk. For more information, see the GitHub commit and the release comparison.
Affected Version(s)
Heimdall: all versions before 2.7.3
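As an added example (not code from the advisory or from the Heimdall project), the following script triages web server access logs for requests whose 'q' parameter decodes to HTML markup, which helps when reviewing traffic to an instance that ran a version before 2.7.3. Assumptions: combined log format, a constructed placeholder path (the advisory does not name the endpoint, so the check keys on the parameter name only), and a marker pattern chosen here as a heuristic.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (combined log format); addresses are documentation
# ranges and "/placeholder" is a stand-in path, not a Heimdall route.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /placeholder?q=grafana HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Aug/2025:10:00:07 +0000] "GET /placeholder?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Aug/2025:10:00:09 +0000] "GET /placeholder?q=%2522%253E%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.2 - - [01/Aug/2025:10:01:00 +0000] "GET /placeholder?page=2 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic (assumption): markup delimiters, inline event handlers, script URLs.
MARKUP_RE = re.compile(r'[<>"]|\bon\w+\s*=|javascript:', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_q_requests(log_text):
    """Return (line number, client address, decoded q) for suspicious requests."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # parse_qs performs the first round of percent-decoding.
        for raw in parse_qs(query, keep_blank_values=True).get("q", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((lineno, line.split()[0], value))
    return hits


if __name__ == "__main__":
    for lineno, client, value in flag_q_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent q={value!r}")
```

The pattern is a triage heuristic, so flagged lines are candidates for review rather than confirmed exploitation, and a clean result does not rule it out.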