CVE-2025-54597

Published 2025-07-27

CVE-2025-54597: LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

Priority P3 · 38 · medium · CVSS 3.1 base score 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: EPSS 0.56% (42.6th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linuxserver | heimdall | < 2.7.3 | 2.7.3 |
| linuxserver | heimdall_application_dashboard | < 2.7.3 | 2.7.3 |
No detection rules found.
Nuclei template: Heimdall Application Dashboard < 2.7.3 - Reflected XSS (nuclei · CVSS 6.1)

CVE-2025-54597 [MEDIUM] Heimdall Application Dashboard < 2.7.3 - Reflected XSS

Template fragment as indexed (the matcher section is truncated at the source):

```yaml
        Heimdall Application Dashboard '
        part: body
      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c04b9e327be456e95e06ff6256fd0646df356af464c7b32bdbb2f150da376db902210099776606b4307341e208eef1da47251d2d8c5dc06b7a61422c711e0cba4f2e7b:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Published: 2025-07-27