Cross Site Scripting Vulnerability in QuantumNous New-API Product
CVE-2025-55573

8.8HIGH

Key Information:

Vendor

QuantumNous

Status
new-api
Vendor
CVE Published:
22 August 2025

What is CVE-2025-55573?

The new-api version 0.8.5.2 from QuantumNous is susceptible to a Cross Site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into web pages viewed by users. This exposure can lead to unauthorized access and exploitation of sensitive user data, making it essential for users to update their systems and implement robust security measures.

References

https://github.com/QuantumNous/new-api
https://github.com/zh0u9527/docs/blob/master/new-api-wp.md

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-55573 : Cross Site Scripting Vulnerability in QuantumNous New-API Product