
CVE-2025-62613


Vulnerability Description

VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS) vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in the DOM. The application fails to validate and encode user input, allowing malicious scripts to be injected and executed. This issue has been patched in version 28.4.
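The two missing controls named above (validating the `room` value and encoding it before it reaches the DOM) can be sketched as follows. This is an added example, not VDO.Ninja's code or its 28.4 patch; the function names, the allowlist pattern and the sample URLs are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from VDO.Ninja.
// Assumed policy: room names are short, alphanumeric or underscore only.
const ROOM_ALLOWLIST = /^[A-Za-z0-9_]{1,30}$/;

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read ?room= from a URL and return it only if it passes the allowlist.
function readRoomParam(href) {
  let url;
  try { url = new URL(href); } catch { return null; }
  const values = url.searchParams.getAll("room");
  if (values.length !== 1) return null; // reject a missing or duplicated parameter
  return ROOM_ALLOWLIST.test(values[0]) ? values[0] : null;
}

// Build markup for the room label; rejected input never reaches the markup.
function renderRoomLabel(href) {
  const room = readRoomParam(href);
  if (room === null) return "<span>Invalid room name</span>";
  return `<span>Room: ${escapeHtml(room)}</span>`;
}

// In a browser, prefer a sink that does not parse HTML at all.
function setRoomLabel(element, href) {
  const room = readRoomParam(href);
  element.textContent = room === null ? "Invalid room name" : `Room: ${room}`;
}

// Constructed sample URLs (not from the advisory).
const SAMPLES = [
  "https://vdo.example/examples/control.html?room=studio_1",
  "https://vdo.example/examples/control.html?room=%3Cb%3Ex%3C%2Fb%3E",
  "https://vdo.example/examples/control.html?room=a&room=b",
];
for (const s of SAMPLES) console.log(renderRoomLabel(s));
```

Validation and encoding are applied together here: the allowlist rejects unexpected input outright, and the encoder or `textContent` sink keeps any accepted value from being parsed as markup.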

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-62613?

CVE-2025-62613 is a reflected Cross-Site Scripting (XSS) vulnerability in VDO.Ninja, a tool that brings remote video feeds into OBS or other studio software via WebRTC. It affects versions 28.0 to before 28.4, where the room parameter of examples/control.html is improperly sanitized before being rendered in the DOM.

How severe is CVE-2025-62613?

CVSS scoring is not yet available for CVE-2025-62613. Check NVD for updates.

Is there a patch for CVE-2025-62613?

The issue has been patched in version 28.4. Check the references section above for vendor advisories and patch information, and review vendor security bulletins for remediation guidance.