PT-2025-36793 · Proxmox · Proxmox Virtual Environment 8.4

Khankishiyev-J · Published 2025-09-09 · Updated 2025-09-10 · CVE-2025-57539

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions 8.4
Description: A stored cross-site scripting (XSS) vulnerability exists in the U2F Origin field of the Datacenter configuration. Authenticated users can store malicious input which is rendered unsafely in the Web UI and executed when viewed by other users. This could potentially lead to session hijacking or other attacks.
Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, sanitize user input for the U2F Origin field in the Datacenter configuration.
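
The workaround above, sketched as an added example (not Proxmox code and not the shipped fix): accept only a bare https origin before the U2F Origin value is stored, and HTML-encode it whenever it is rendered. The function names, the 255-character limit, the https-only policy and the sample values are assumptions made for illustration.

```javascript
// Added example. Hypothetical helpers, not part of the Proxmox code base.

// Input side: accept only scheme://host[:port] and nothing else.
function validateU2fOrigin(input) {
    if (typeof input !== 'string' || input.length === 0 || input.length > 255) {
        return { ok: false, reason: 'empty or too long' };
    }
    // Conservative origin alphabet: markup characters (< > " ' space),
    // userinfo (@) and query/fragment markers (? #) never reach storage.
    if (!/^[A-Za-z0-9.\-:\/\[\]]+$/.test(input)) {
        return { ok: false, reason: 'illegal character' };
    }
    let url;
    try {
        url = new URL(input);
    } catch (e) {
        return { ok: false, reason: 'not a URL' };
    }
    if (url.protocol !== 'https:') {
        return { ok: false, reason: 'scheme must be https' };
    }
    // url.origin is the normalised scheme://host[:port]; requiring equality
    // rejects paths, trailing slashes and redundant default ports.
    if (url.origin !== input.toLowerCase()) {
        return { ok: false, reason: 'must be origin only' };
    }
    return { ok: true, origin: url.origin };
}

// Output side: encode on render, so a value stored before validation
// existed is displayed as text instead of being parsed as markup.
function escapeHtml(value) {
    const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderOriginCell(storedValue) {
    return '<span class="u2f-origin">' + escapeHtml(storedValue) + '</span>';
}

// Constructed sample values (not taken from the advisory).
console.log(validateU2fOrigin('https://pve.example.test:8006'));
console.log(validateU2fOrigin('https://pve.example.test"><b>x</b>'));
console.log(renderOriginCell('"><b>x</b>'));
```

Validation alone does not cover values already present in the configuration, which is why the render-side encoding is applied regardless of how the value was stored.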

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-57539

Affected Products

Proxmox Virtual Environment 8.4