VDB
CVE-2025-5411
CVE-2025-5411
PUBLISHED
CVSS 5.099999904632568 MEDIUM
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is named db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
EPSS 0.20% · 42.0th percentile
Risk Scores
CVSS v4.0
5.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.20%
42.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mist | Community Edition | 4.7.1, 4.7.0 |
| mist | mist | 0 |
Timeline
- Jun 1, 2025 CVE Published
- Jun 1, 2025 PoC Published
- Jun 2, 2025 EPSS Score
- Jun 2, 2025 PoC Published
- Jun 2, 2025 CVE Updated
- Jun 13, 2025 EPSS Score
- Jun 23, 2025 EPSS Score
- Jul 4, 2025 EPSS Score
- Jul 15, 2025 EPSS Score
- Jul 26, 2025 EPSS Score
- Aug 5, 2025 EPSS Score
- Aug 16, 2025 EPSS Score
References
- VDB-310751 | Mist Community Edition views.py tag_resources cross site scripting vdb
- VDB-310751 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #583533 | Mist.io Mist Community Edition (CE) 4.7.1 Cross Site Scripting third-party-advisory
- https://github.com/Stolichnayer/mist-ce-xss exploit
- https://github.com/mistio/mist.api/commit/db10ecb62ac832c1ed4924556d167efb9bc07fad patch
- https://github.com/mistio/mist-ce/releases/tag/v4.7.2 patch
- https://nvd.nist.gov/vuln/detail/CVE-2025-5411 advisory