CVE-2025-6509

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71

Description: A vulnerability was found in the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross-site scripting. The attack can be launched remotely.

Recommendations: For seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71, as a temporary workaround, consider restricting access to the echo function in the SimpleController.java file until a fix is available. Avoid using the Name argument in the affected function to minimize the risk of exploitation.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-6509

Affected Products

Seaswalker Spring-Analysis

CVE-2025-6509

Weakness Enumeration

Related Identifiers

Affected Products

References · 9