PT-2025-48241 · Unknown · Apache SkyWalking

Published: 2025-11-27 · Updated: 2026-04-13 · CVE-2025-54057

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache SkyWalking versions prior to 10.3.0

Description

The software contains an Improper Neutralization of Script-Related HTML Tags in a Web Page issue, also known as a Basic Cross-Site Scripting (XSS) flaw. This allows attackers to inject malicious JavaScript into SkyWalking UI fields, potentially leading to persistent XSS, session hijacking, and unauthorized actions when administrators view compromised pages. The flaw is due to improper sanitization in multiple input fields within the SkyWalking UI. Approximately 2,600 potentially affected devices have been identified.

Recommendations

Upgrade to version 10.3.0 to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-54057
GHSA-V6X2-4Q87-RF82

Affected Products

Apache SkyWalking