Stored Cross-Site Scripting Vulnerability in Broadcom's Affected Product
CVE-2025-8661

4.6MEDIUM

Key Information:

Vendor: Broadcom
Status: Symantec Pgp Encryption
Vendor: CVE Published:; 11 August 2025

What is CVE-2025-8661?

A stored Cross-Site Scripting vulnerability exists when the server fails to properly validate or encode user input. This security flaw can allow attackers to inject malicious scripts into the application, which may then be executed in the context of other users. Such vulnerabilities can lead to unauthorized actions, data theft, or further exploitation of the application. Organizations using Broadcom's affected software should implement rigorous input validation and encoding mechanisms to mitigate the risks associated with this vulnerability.

Affected Version(s)

Symantec PGP Encryption 11.0.1

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2025
Vulnerability Reserved
Aug 6, 2025

Credit

Pedro Cornago Lopez, Nordea Bank ABP (http://linkedin.com/in/pedro-cornago-a962143a)

Michał Bogdanowicz, Nordea Bank ABP (https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/)