Cross-Site Scripting Vulnerability in ChatLuck by ChatLuck Inc.
CVE-2025-58115

5.3MEDIUM

Key Information:

Vendor: Neojapan Inc.
Status: Chatluck
Vendor: CVE Published:; 16 October 2025

🔔 Create Neojapan Inc. Vulnerability Alert

What is CVE-2025-58115?

ChatLuck is susceptible to a cross-site scripting (XSS) vulnerability in its Guest User Sign-up feature, enabling attackers to run arbitrary scripts in a user's web browser. If exploited, this flaw could lead to unauthorized data access or undesirable actions being taken on behalf of the user. It is vital for users and administrators to understand the risks associated with this vulnerability and take appropriate measures to secure their environments.

Affected Version(s)

ChatLuck V3.6 R1.0 to V6.6 R1.0

References

https://www.chatluck.com/support/package/mainte/pchatluck...

https://jvn.jp/en/jp/JVN13030751/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Sep 2, 2025

JSON