PT-2025-22125 · Rapid7 · Rapid7 AppSpider Pro

Published: 2025-05-20 · Updated: 2025-12-11 · CVE-2025-4951

CVSS v3.1: 4.6 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Rapid7 AppSpider Pro versions prior to 7.5.018
Description: A stored cross-site scripting vulnerability exists in the ScanName field. Although the application rejects special characters entered into the ScanName field, this restriction can be bypassed by editing the configuration file directly; the check is enforced only when the value is entered through the application, not when the stored value is read back and displayed.
Recommendations: For versions prior to 7.5.018, update to version 7.5.018 or later to resolve the issue. As a temporary workaround, restrict direct modifications to the configuration file (for example, by limiting write access to it) to minimize the risk of exploitation. Avoid using the ScanName field in a way that could introduce malicious scripts until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-4951

Affected Products: Rapid7 AppSpider Pro