CVE-2025-4951 — MEDIUM (4.6)

Q: How severe is CVE-2025-4951?

CVE-2025-4951 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-4951?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Appspider Pro.

Vulnerability Description

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration file directly. This is fixed as of version 7.5.018

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Rapid7	Appspider Pro	< 7.5.018

Related Weaknesses (CWE)

CWE-79

References

https://docs.rapid7.com/release-notes/appspider/20250516/Release Notes

FAQ

What is CVE-2025-4951?

CVE-2025-4951 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of specia...

How severe is CVE-2025-4951?

CVE-2025-4951 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-4951?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Appspider Pro.