CVE-2025-11147

Name of the Vulnerable Software and Affected Versions Apt-Cacher-NG version 3.2.1

Description A reflected cross-site scripting (XSS) issue exists in Apt-Cacher-NG. This allows the execution of malicious scripts within the “/html/.html” path. The vulnerability enables attackers to inject and execute scripts through this endpoint.

Recommendations Update Apt-Cacher-NG to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the “/html/.html” endpoint until a patch is available.