Vulnerability Description
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.
Related Weaknesses (CWE)
References
- https://help.sonatype.com/en/sonatype-nexus-repository-3-87-0-release-notes.html
- https://support.sonatype.com/hc/en-us/articles/46896142768019
FAQ
What is CVE-2025-13488?
CVE-2025-13488 is a documented vulnerability. Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with reposi...
How severe is CVE-2025-13488?
CVSS scoring is not yet available for CVE-2025-13488. Check NVD for updates.
Is there a patch for CVE-2025-13488?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.