CVE-2025-30219

Severity: 6.1 (MEDIUM)
EPSS: 0.1% (top 69.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published 2025-03-25; latest update 2025-03-31

Description

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack: modifying a virtual host name on disk and then making that virtual host unrecoverable (through other on-disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions display an error message (a notification) in the management UI. The error message includes the virtual host name,
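The pattern behind this class of bug is a notification whose HTML is assembled from a string the attacker controls, here a virtual host name that was tampered with on disk. The following is an illustrative example added by the editor, not RabbitMQ's management UI code: the function names, the markup, and the constructed vhost name are assumptions. It places the vulnerable renderer (raw interpolation) beside the hardened one (HTML-escaped interpolation) and checks which of the two lets markup through.

```javascript
// Illustrative example; NOT code from RabbitMQ. It models the pattern behind
// CVE-2025-30219: an error notification built from an untrusted virtual host
// name. All names below (renderVhostError*, TAMPERED_VHOST) are assumptions.

// Minimal HTML entity escaping for text placed inside an element body.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the vhost name is concatenated into markup unchanged, so any
// tag it carries becomes live DOM when the notification is rendered.
function renderVhostErrorVulnerable(vhostName, reason) {
  return '<div class="notification error">Virtual host ' + vhostName +
         ' failed to start: ' + reason + '</div>';
}

// Hardened: every untrusted value is escaped before it touches the markup.
function renderVhostErrorSafe(vhostName, reason) {
  return '<div class="notification error">Virtual host ' + escapeHtml(vhostName) +
         ' failed to start: ' + escapeHtml(reason) + '</div>';
}

// Check helper: does the rendered notification still contain a raw tag
// inside the body, after stripping the template's own fixed <div> wrapper?
function containsRawTag(html) {
  const body = html
    .replace(/^<div class="notification error">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z!\/]/.test(body);
}

// Constructed sample input: a vhost name carrying markup, as if edited on disk.
const TAMPERED_VHOST = 'orders<img src=x onerror="alert(1)">';
const REASON = 'message store recovery failed';

// Renders the same tampered name both ways and reports which one leaks markup.
function demo() {
  const vulnerable = renderVhostErrorVulnerable(TAMPERED_VHOST, REASON);
  const safe = renderVhostErrorSafe(TAMPERED_VHOST, REASON);
  return {
    vulnerable,
    safe,
    vulnerableLeaksTag: containsRawTag(vulnerable), // true
    safeLeaksTag: containsRawTag(safe),             // false
  };
}

console.log(demo());
```

Escaping at the rendering point is the check to apply whenever a value that originates on the broker's disk (vhost names, queue names, error strings) is shown in the browser; the on-disk tampering itself already requires privileged access to the node, which is why the fix is to treat such names as untrusted data in the UI rather than to trust the file system.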

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
Exploitability: 0.8 | Impact: 4.7

The vector reflects the precondition described above: the attacker needs local, privileged write access to the node's on-disk files (AV:L/PR:H/AC:H), and the effect lands in a different security scope, the browsers of management UI users (S:C).

Affected Packages (2)

Source      Package                    Affected versions
CVEListV5   rabbitmq/rabbitmq-server   < 4.0.3
Debian      rabbitmq-server            < 4.0.5-1+1

Vulnerability Details (2)

CVEList: RabbitMQ has XSS Vulnerability in an Error Message in Management UI (2025-03-25)
OSV: CVE-2025-30219: RabbitMQ is a messaging and streaming broker (2025-03-25)

Vendor Advisories (4)

Ubuntu: RabbitMQ Server vulnerability (2025-03-31)
Red Hat: rabbitmq: RabbitMQ has XSS Vulnerability in an Error Message in Management UI (2025-03-25)
Microsoft: RabbitMQ has XSS Vulnerability in an Error Message in Management UI (2025-03-11)
Debian: CVE-2025-30219: rabbitmq-server - RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulner... (2025)