Cross-site Scripting Vulnerability in Lookyloo Web Interface
CVE-2025-65095

9.4CRITICAL

Key Information:

Vendor

Lookyloo

Status
Lookyloo
Vendor
CVE Published:
19 November 2025

What is CVE-2025-65095?

The Lookyloo web interface, which enables users to capture and visualize web pages and domains, contains a cross-site scripting vulnerability in its index and tree pages prior to version 1.35.1. This security flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions and data breaches. Users are advised to upgrade to version 1.35.1 or later, where this vulnerability has been addressed.

Affected Version(s)

lookyloo < 1.35.1

References

https://github.com/Lookyloo/lookyloo/security/advisories/...
x_refsource_CONFIRM
https://github.com/Lookyloo/lookyloo/commit/ac2f73dbfcad8...
x_refsource_MISC
https://github.com/Lookyloo/lookyloo/blob/main/website/we...
x_refsource_MISC

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-65095 : Cross-site Scripting Vulnerability in Lookyloo Web Interface