CVE-2025-57539

Published: Sep 9, 2025

Modified: Sep 10, 2025

PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially leading to session hijacking or other attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/khankishiyev-j/bug-bounty/blob/main/proxmox-xss

https://www.youtube.com/watch?v=-wvkN-7oT5U

https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/page-2#post-792010

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57539

Description

Affected Products

References