Cross-Site Scripting Vulnerability in Cockpit by Cockpit Project
CVE-2025-7053

3.5LOW

Key Information:

Vendor: Cockpit Project
Status: Cockpit
Vendor: CVE Published:; 4 July 2025

🔔 Create Cockpit Project Vulnerability Alert

What is CVE-2025-7053?

A security vulnerability has been identified in Cockpit up to version 2.11.3, affecting the processing of the file /system/users/save. This vulnerability allows an attacker to exploit the argument name/email, potentially leading to cross-site scripting attacks. The attack can be initiated remotely, which raises significant security concerns. Users are strongly advised to upgrade to Cockpit version 2.11.4, which includes an effective patch addressing this issue. Prompt action has been taken by the vendor to disclose and rectify the problem.

References

https://github.com/Cockpit-HQ/Cockpit/commit/bdcd5e3bc651...

https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.11.4

https://vuldb.com/?ctiid.314819

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025