Stored XSS Vulnerability in Advertiser Navigation Box of Leading Ad Management Platform
CVE-2025-55126

6.5MEDIUM

Key Information:

Vendor: Revive
Status: Revive Adserver
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-55126?

A stored Cross-Site Scripting (XSS) vulnerability has been reported in a leading ad management platform. This issue arises from the navigation box located at the top of advertiser-related pages, with campaign names being utilized as the attack vector. The vulnerability allows malicious actors to inject harmful scripts, potentially leading to unauthorized access, data theft, and a compromised user experience. Organizations using this platform are advised to implement security measures promptly to safeguard against potential exploitation.

Affected Version(s)

Revive Adserver 6 <= 6.0.2

Revive Adserver 6.0.3

References

https://hackerone.com/reports/3411750

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Aug 7, 2025

JSON