PT-2025-33621 · Unknown · Express Gateway
Haoatao · Published 2025-08-17 · Updated 2025-08-18 · CVE-2025-9096
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
ExpressGateway versions up to 1.16.10
Description:
A vulnerability exists in ExpressGateway, specifically in the REST endpoint of the lib/rest/routes/apps.js component. The issue affects an unknown function and allows cross-site scripting (XSS) attacks, which can be launched remotely. The exploit details have been publicly disclosed, and the vendor was informed but did not respond.
Recommendations:
Update ExpressGateway to a version beyond 1.16.10.
Exploit
Fix
XSS
Code Injection
Related Identifiers
Affected Products
Express Gateway