PT-2025-27857 · Cockpit · Cockpit
Matans · Published 2025-07-04 · Updated 2025-07-20 · CVE-2025-7053
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cockpit versions up to 2.11.3
Description: An issue was found in the processing of the file /system/users/save, where manipulation of the name or email argument leads to cross-site scripting. The attack may be initiated remotely. It is estimated that this issue may affect an unknown number of devices; the exact number is not specified. There is no information about real-world incidents in which this issue was exploited.
Recommendations: For Cockpit versions up to 2.11.3, upgrade to version 2.11.4 to address this issue. As a temporary workaround, consider restricting access to the /system/users/save file until the upgrade is applied. Avoid using the name and email arguments in the affected processing until the issue is resolved.
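The defect class described above is stored cross-site scripting through user-profile fields. The following is an added example, not Cockpit's own code, modelling the two defensive controls a maintainer would apply to such a save handler: validating the name and email arguments at save time, and escaping them at the HTML output boundary. It also includes an audit helper for locating already-stored records that carry HTML or script markers. All function names, the user records and the payload strings are constructed for illustration.

```python
import html
import re

# Constructed model of a "save user" handler. The name and email fields are
# treated as untrusted input, mirroring the class of defect in the advisory.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
MAX_NAME_LEN = 64


def validate_user_fields(name: str, email: str) -> dict:
    """Reject malformed input at save time (defence in depth, not the only control)."""
    errors = []
    if not name or len(name) > MAX_NAME_LEN:
        errors.append("name: empty or too long")
    if any(ch in name for ch in "<>\"'"):
        errors.append("name: HTML metacharacters not allowed")
    if not EMAIL_RE.match(email):
        errors.append("email: not a valid address")
    return {"ok": not errors, "errors": errors}


def render_user_row_unsafe(user: dict) -> str:
    """'Before' pattern: stored fields interpolated into HTML without escaping."""
    return f"<tr><td>{user['name']}</td><td>{user['email']}</td></tr>"


def render_user_row(user: dict) -> str:
    """Hardened: escape at the output boundary regardless of what was stored."""
    return (
        f"<tr><td>{html.escape(user['name'], quote=True)}</td>"
        f"<td>{html.escape(user['email'], quote=True)}</td></tr>"
    )


# Markers that should never appear in a plain-text name or e-mail address.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|javascript:|on[a-z]+\s*=", re.I)


def find_suspicious_users(users: list) -> list:
    """Audit stored records; returns the ids whose name or email carries HTML/script markers."""
    return [
        u["id"]
        for u in users
        if SUSPICIOUS.search(u["name"]) or SUSPICIOUS.search(u["email"])
    ]


# Constructed sample data: one clean record and two with injected markup.
USERS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.test"},
    {"id": 2, "name": "<script>alert(1)</script>", "email": "bob@example.test"},
    {"id": 3, "name": "Carol", "email": 'carol@example.test"><script>1</script>'},
]

if __name__ == "__main__":
    for u in USERS:
        print(u["id"], validate_user_fields(u["name"], u["email"]))
        print("  unsafe:", render_user_row_unsafe(u))
        print("  safe:  ", render_user_row(u))
    print("suspicious ids:", find_suspicious_users(USERS))
```

Output escaping is the control that actually closes the hole: input validation can be bypassed by records written through other paths, so `render_user_row` escapes unconditionally, and `find_suspicious_users` is meant for a one-off audit of data saved before the fix was deployed.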

Tags: Exploit · Fix · Code Injection · XSS

Weakness Enumeration

Related Identifiers: CVE-2025-7053, GHSA-J4RJ-FGCQ-WMQP

Affected Products: Cockpit