{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30219", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-18T18:15:13.850Z", "datePublished": "2025-03-25T22:55:35.539Z", "dateUpdated": "2025-03-26T13:43:18.250Z"}, "containers": {"cna": {"title": "RabbitMQ has XSS Vulnerability in an Error Message in Management UI", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p"}], "affected": [{"vendor": "rabbitmq", "product": "rabbitmq-server", "versions": [{"version": "< 4.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-25T22:55:35.539Z"}, "descriptions": [{"lang": "en", "value": "RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions\nwill display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue."}], "source": {"advisory": "GHSA-g58g-82mw-9m3p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T13:43:09.892366Z", "id": "CVE-2025-30219", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T13:43:18.250Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions\nwill display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue."}, {"lang": "es", "value": "RabbitMQ es un br\u00f3ker de mensajer\u00eda y streaming. Las versiones anteriores a la 4.0.3 son vulnerables a un ataque sofisticado que podr\u00eda modificar el nombre del host virtual en el disco y hacerlo irrecuperable (junto con otras modificaciones de archivos en el disco), lo que puede provocar la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en los navegadores de los usuarios de la interfaz de administraci\u00f3n. Cuando un host virtual en un nodo RabbitMQ no se inicia, las versiones recientes mostrar\u00e1n un mensaje de error (una notificaci\u00f3n) en la interfaz de administraci\u00f3n. El mensaje de error incluye el nombre del host virtual, que no se escapaba antes de las versiones de c\u00f3digo abierto RabbitMQ 4.0.3 y Tanzu RabbitMQ 4.0.3, 3.13.8. Un ataque que provoque el inicio de un host virtual y cree un nuevo nombre de host virtual con un fragmento de c\u00f3digo XSS o cambie el nombre de un host virtual existente en el disco podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en la interfaz de administraci\u00f3n (el navegador del usuario). Las versiones de c\u00f3digo abierto RabbitMQ 4.0.3 y Tanzu RabbitMQ 4.0.3 y 3.13.8 solucionan el problema."}], "id": "CVE-2025-30219", "lastModified": "2025-03-27T16:45:46.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-03-25T23:15:36.560", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "rabbitmq: RabbitMQ has XSS Vulnerability in an Error Message in Management UI", "id": "2354973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354973"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", "status": "draft"}, "cwe": "CWE-79", "details": ["RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions\nwill display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.", "A flaw was found in the RabbitMQ package. Affected versions of RabbitMQ are vulnerable to an attack that can modify the virtual host name on the disk and then make it unrecoverable, with other on disk file modifications. This issue can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions will display an error message notification in the management UI, including the virtual host name, which was not escaped prior to open source RabbitMQ and Tanzu RabbitMQ. This attack makes a virtual host fail to start and creates a new virtual host name with a XSS code snippet or changes the name of an existing virtual host on disk."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, it is recommended to disable the management plugin and use Prometheus and Grafana for monitoring."}, "name": "CVE-2025-30219", "package_state": [{"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Fix deferred", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2025-03-25T22:55:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-30219\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-30219\nhttps://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p"], "threat_severity": "Moderate"}

{}