Cross-Site Scripting Vulnerability in Revive Adserver by Revive Adserver
CVE-2025-55123

3.5LOW

Key Information:

Vendor

Revive

Status
Revive Adserver
Vendor
CVE Published:
20 November 2025

What is CVE-2025-55123?

Revive Adserver versions 5.5.2, 6.0.1, and prior are susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises from improper neutralization of user input, enabling manager accounts to potentially execute malicious XSS attacks targeting their own advertiser users. This vulnerability compromises the integrity of the advertising platform and could result in unauthorized actions or data exposure.

Affected Version(s)

Revive Adserver 6 <= 6.0.1

Revive Adserver 5 <= 5.5.2

Revive Adserver 6.0.2

References

https://hackerone.com/reports/3404968

CVSS V3.0

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-55123 : Cross-Site Scripting Vulnerability in Revive Adserver by Revive Adserver