CVE-2025-31500 — Vulnetix

CVE-2025-31500 PUBLISHED CVSS 7.199999809265137 HIGH

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.

EPSS 0.25% · 48.6th percentile

Risk Scores

CVSS 3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS Score

0.25%

48.6th percentile

Affected Products

Vendor	Product	Versions
bestpractical	RT	5.0.0
bestpractical	rt	5.0.0
bestpractical	request_tracker	5.0.0

Exploit Intelligence

CIRCL seen: CVE-2025-31500 (circl-sighting)
https://docs.bestpractical.com/release-notes/rt/index.html (circl)
https://docs.bestpractical.com/release-notes/rt/5.0.8 (circl)

Timeline

May 28, 2025 CVE Published
May 28, 2025 CVE Updated
May 28, 2025 PoC Published
May 29, 2025 EPSS Score
Jun 1, 2025 Coalition ESS Score
Jun 9, 2025 EPSS Score
Jun 14, 2025 Coalition ESS Score
Jun 20, 2025 EPSS Score
Jul 1, 2025 EPSS Score
Jul 12, 2025 EPSS Score
Jul 22, 2025 EPSS Score
Aug 2, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›