CVE-2025-11147

5.4 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in Apt-Cacher-NG allows attackers to inject malicious scripts into HTML files served by the application. When users access specially crafted URLs containing the malicious scripts, their browsers execute the code in the context of the Apt-Cacher-NG web interface. This affects organizations using vulnerable versions of Apt-Cacher-NG with internet-facing or internal deployments.

💻 Affected Systems

Products:
  • Apt-Cacher-NG
Versions: v3.2.1
Operating Systems: Linux distributions using Apt-Cacher-NG
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with web interface enabled and accessible via /html/*.html endpoints.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, redirect users to malicious sites, or deploy malware through the web interface.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the Apt-Cacher-NG web interface through script execution in user browsers.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting users who click malicious links.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (clicking malicious link) and knowledge of the target's Apt-Cacher-NG URL structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v3.2.1

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apt-cacher-ng

Restart Required: No

Instructions:

1. Check current Apt-Cacher-NG version.
2. Update to latest version via package manager.
3. Verify update completed successfully.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement web application firewall or input validation to block malicious script patterns in URL parameters.

# Example mod_security rule:
SecRule ARGS "<script" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to restrict script execution sources.
  • Restrict network access to Apt-Cacher-NG web interface using firewall rules.

🔍 How to Verify

Check if Vulnerable:

Check if Apt-Cacher-NG version is v3.2.1 and test for XSS via /html/*.html endpoints with payloads like <script>alert('XSS')</script>.

Check Version:

apt-cacher-ng --version

Verify Fix Applied:

After updating, test same XSS payloads to confirm they are properly sanitized and no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /html/*.html containing script tags or JavaScript code
  • Multiple failed attempts with encoded script payloads

Network Indicators:

  • HTTP requests with suspicious parameters in URLs targeting Apt-Cacher-NG

SIEM Query:

source="apt-cacher-ng" AND (url="*<script*" OR url="*javascript:*")
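
The SIEM query above only matches literal text, while the log indicators also mention encoded script payloads. The following added example (not taken from the advisory or from Apt-Cacher-NG) applies the same two markers to the /html/*.html endpoints after percent-decoding each request. It assumes requests are available as Common Log Format lines, for instance from a reverse proxy; the sample lines, the file name example.html and the parameter names are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: access log lines in Common Log Format (e.g. from a reverse proxy).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Scope from the page: the /html/*.html endpoints.
ENDPOINT_RE = re.compile(r"^/html/[^?]*\.html", re.I)
# Same two markers as the SIEM query, checked after decoding.
MARKER_RE = re.compile(r"<\s*script|javascript\s*:", re.I)

# Constructed sample lines; file and parameter names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /html/example.html HTTP/1.1" 200 512',
    '192.0.2.55 - - [01/Jan/2025:10:00:05 +0000] "GET /html/example.html?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 600',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /html/example.html?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 600',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /debian/pool/main/s/script/script_1.0.deb HTTP/1.1" 200 9000',
    '203.0.113.9 - - [01/Jan/2025:10:00:20 +0000] "GET /html/example.html?next=JavaScript:void(0) HTTP/1.1" 200 600',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded payloads surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client, decoded_target) for in-scope requests carrying a marker."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        decoded = fully_decode(match.group(1))
        if ENDPOINT_RE.match(decoded) and MARKER_RE.search(decoded):
            hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(client, target)
```

The second and third sample lines would not match the literal url="*<script*" pattern, which is why decoding comes before matching.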
