CVE-2025-53839 — MEDIUM (4.0)

Vulnerability Description

DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users could inject HTML code into the workflow for newly onboarded users. A fix was made available in version 2.10.0 and rolled out to the DRACOON service. DRACOON customers do not need to take action.

CVSS Score

4.0

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-79

References

https://github.com/dracoon/security-advisories/security/advisories/GHSA-jv2h-8mw

FAQ

What is CVE-2025-53839?

CVE-2025-53839 is a vulnerability with a CVSS score of 4.0 (MEDIUM). DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are...

How severe is CVE-2025-53839?

CVE-2025-53839 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-53839?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.