CVE-2025-30345 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2025-30345?

CVE-2025-30345 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-30345?

Check the references section above for vendor advisories and patch information. Affected products include: Openslides Openslides.

Vulnerability Description

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when deleting chats or deleting messages in these chats. This potentially allows attackers to interfere with the layout of the rendered website, but it is unlikely that victims would click on deleted chats or deleted messages.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Openslides	Openslides	< 4.2.5

Related Weaknesses (CWE)

CWE-116 CWE-79

References

https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlidesExploitThird Party Advisory

FAQ

What is CVE-2025-30345?

CVE-2025-30345 is a vulnerability with a CVSS score of 3.5 (LOW). An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are fi...

How severe is CVE-2025-30345?

CVE-2025-30345 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-30345?

Check the references section above for vendor advisories and patch information. Affected products include: Openslides Openslides.