CVE-2025-51859

Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model (LLM) to embed malicious script payloads (e.g., SVG-based XSS) into its chat responses. When a user interacts with such a malicious agent or accesses a direct link to a conversation containing an XSS payload, the script executes in the user's browser. Successful exploitation can lead to the theft of sensitive information, such as JWT session tokens, potentially resulting in account hijacking.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Secsys-FDU/CVE-2025-51859

Configurations

No configuration.

History

No history.

Information

Published : 2025-07-22 15:15

Updated : 2025-07-25 15:29

NVD link : CVE-2025-51859

Mitre link : CVE-2025-51859

CVE.ORG link : CVE-2025-51859

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-51859", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-07-22T15:15:36.623", "references": [{"url": "https://github.com/Secsys-FDU/CVE-2025-51859", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model (LLM) to embed malicious script payloads (e.g., SVG-based XSS) into its chat responses. When a user interacts with such a malicious agent or accesses a direct link to a conversation containing an XSS payload, the script executes in the user's browser. Successful exploitation can lead to the theft of sensitive information, such as JWT session tokens, potentially resulting in account hijacking."}, {"lang": "es", "value": "Vulnerabilidad de cross-site scripting (XSS) almacenado en Chaindesk hasta el 26/05/2025 en su componente de chat del agente. Un atacante puede ejecutar scripts arbitrarios del lado del cliente manipulando un agente de IA cuyo mensaje del sistema indica al Modelo de Lenguaje Grande (LLM) subyacente que incorpore payloads de scripts maliciosos (p. ej., XSS basado en SVG) en sus respuestas de chat. Cuando un usuario interact\u00faa con dicho agente malicioso o accede a un enlace directo a una conversaci\u00f3n que contiene un payload XSS, el script se ejecuta en su navegador. Una explotaci\u00f3n exitosa puede provocar el robo de informaci\u00f3n confidencial, como tokens de sesi\u00f3n JWT, lo que podr\u00eda resultar en el secuestro de cuentas."}], "lastModified": "2025-07-25T15:29:44.523", "sourceIdentifier": "cve@mitre.org"}