=====================================================================

                            CERT-Renater

                   Information Note No. 2025/VULN077

_____________________________________________________________________

DATE                : 10/02/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Felix versions prior to
                                     3.8.2, 3.7.6.

=====================================================================
https://lists.apache.org/thread/f9j2t90n2j00r04ph7pmps5d4pcxq2k2
_____________________________________________________________________

FELIX-6751: CVE-2025-25247: Apache Felix Webconsole: XSS in services
console

Severity: moderate

Affected versions:

- Apache Felix Webconsole Version 4.x through 4.9.8
- Apache Felix Webconsole Version 5.x through 5.0.8


Description:

Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') vulnerability in Apache Felix Webconsole.

This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x
up to 5.0.8.

Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher,
which fixes the issue.


Credit:

Viktor Mares (me@viktormares.com) (finder)


References:

https://felix.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-25247



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
