CVE Alert: CVE-2025-4951

May 22, 2025
image 1

Vulnerability Summary: CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the “ScanName” field. Despite the application preventing the inclusion of special characters within the “ScanName” field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018

Affected Endpoints:

No affected endpoints listed.

Published Date:

5/20/2025, 9:15:21 AM

⚠️ CVSS Score:

CVSS v3 Score: 4.6 (Medium)

Exploit Status:

Not Exploited

EPS Score: 0.00018 | Ranking EPS: 0.0303

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P2 – Unauthenticated Remote Code Execution (CVE-2025-4428) – Ironsoul74

May 22, 2025
image

[EVEREST] – Ransomware Victim: Coca-Cola

May 22, 2025
2f65c4b51a1c66a780783eea3bd9a375eb9e61ef8101b7a370457dfbf2bb9f63

M&s Warns Of £300m Dent In Profits From Cyberattack

May 22, 2025
e56fb8a33e74e11f253c2fba69e4510a84d38e32897125851bbf55def862b2a6

Amd Puts Intel In Rear View Mirror With Threadripper Pro 9000 High End Desktopchips

May 22, 2025
d87fdb865e5eb7fdcb22541caecbd47dec11d63607539a164ae627065d3ee8ff

Intel Bets You’ll Stack Cheap Gpus To Avoid Spending Top Dollar On Nvidia Pros

May 22, 2025