How severe is CVE-2025-24320?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2025-24320?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-24320 - MEDIUM Severity | CVSS 8

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2017-10612

HIGH

CVSS:8.0(High)

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal informati...

CWE-792017

CVE-2019-1583

HIGH

CVSS:8.0(High)

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another use...

CWE-792019

CVE-2019-17333

HIGH

CVSS:8.0(High)

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releas...

CWE-792019

CVE-2020-35936

HIGH

CVSS:8.0(High)

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotel...

CWE-792020

CVE-2020-35937

HIGH

CVSS:8.0(High)

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a re...

CWE-792020

CVE-2020-5398

HIGH

CVSS:8.0(High)

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it s...

CWE-792020