{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-45806", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T14:50:42.343Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T14:03:48.816Z"}, "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/rrweb-io/rrweb"}, {"url": "https://github.com/rrweb-io/rrweb/tree/master/packages/rrweb-snapshot"}, {"url": "https://github.com/rrweb-io/rrweb/issues/1817"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:50:17.883722Z", "id": "CVE-2025-45806", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:50:42.343Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-45806", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T14:50:17.883722Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:50:38.202Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/rrweb-io/rrweb"}, {"url": "https://github.com/rrweb-io/rrweb/tree/master/packages/rrweb-snapshot"}, {"url": "https://github.com/rrweb-io/rrweb/issues/1817"}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T14:03:48.816Z"}}}, "cveMetadata": {"cveId": "CVE-2025-45806", "state": "PUBLISHED", "dateUpdated": "2026-04-09T14:50:42.343Z", "dateReserved": "2025-04-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."}], "id": "CVE-2025-45806", "lastModified": "2026-04-13T15:02:47.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T14:16:25.210", "references": [{"source": "cve@mitre.org", "url": "https://github.com/rrweb-io/rrweb"}, {"source": "cve@mitre.org", "url": "https://github.com/rrweb-io/rrweb/issues/1817"}, {"source": "cve@mitre.org", "url": "https://github.com/rrweb-io/rrweb/tree/master/packages/rrweb-snapshot"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.0-alpha.18)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "rrweb", "vendor": "rrweb-io"}], "analysis": {"en": {"generated_at": "2026-04-09T16:30:07.378960+00:00", "value": {"mitigation_remediation": ["Upgrade rrweb\u2011snapshot to version 2.0.0\u2011alpha.18 or later, ensuring the patch that closes the XSS issue is applied.", "If an upgraded version cannot be released immediately, enable a strict Content Security Policy that disallows unsafe inline scripts and restricts allowed script sources to trusted domains.", "Where possible, validate and sanitize all data that will be passed to rrweb\u2011snapshot before it is processed, removing any user\u2011supplied HTML tags or script elements.", "Monitor application logs for unexpected or malformed payloads that might be attempting to exploit the library, and block or quarantine such traffic if detected."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary script execution in the victim's browser via cross\u2011site scripting"}, "threat_synthesis": {"affected_systems": "The flaw exists in rrweb\u2011snapshot prior to version 2.0.0\u2011alpha.18. All deployments that incorporate the library from the GitHub contributors list that reference older releases are potentially affected. No vendor-specific product licensing is listed, as the library is open\u2011source and distributed via GitHub.", "description_and_impact": "A cross\u2011site scripting weakness in the rrweb\u2011snapshot JavaScript library allows an attacker to construct a custom payload that is interpreted as executable script or markup when the library processes it. The vulnerability is classified as CWE\u201179 and can lead to arbitrary code execution within the context of a victim\u2019s browser session, potentially enabling theft of credentials, session hijacking, or defacement of content. The impact is limited to the user\u2019s browser environment and does not directly affect the server or other users without the crafted payload.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity, and the CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no known widespread exploitation. The EPSS score is not available, so the precise likelihood of attack remains uncertain. Attackers would most likely deliver a crafted payload through a stored or reflected input that is captured by rrweb\u2011snapshot and then rendered in a victim\u2019s browser. Without an attack surface that triggers the library\u2019s vulnerable path, exploitation is unlikely, but the presence of the flaw allows for significant damage if such an input path exists."}}}}, "created": "2026-04-10T08:54:08.264807+00:00", "updated": "2026-04-10T09:33:17.618575+00:00", "vendors": ["rrweb-io", "rrweb-io$PRODUCT$rrweb"]}