CVE-2025-52217

5.4 MEDIUM

📋 TL;DR

SelectZero Data Observability Platform versions before 2025.5.2 are vulnerable to HTML injection in legacy UI fields. This allows attackers to inject arbitrary HTML content, potentially leading to cross-site scripting attacks. Organizations using affected versions of this platform are at risk.

💻 Affected Systems

Products:
  • SelectZero Data Observability Platform
Versions: All versions before 2025.5.2
Operating Systems: All platforms running SelectZero
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects legacy UI fields; modern UI components may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could inject malicious scripts that steal session cookies, redirect users to phishing sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Attackers inject HTML that defaces the application interface or creates misleading content for users.

🟢 If Mitigated

With proper input validation and output encoding, injected HTML would be rendered as plain text without executing scripts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires access to legacy UI fields with input capabilities; exploitation depends on user interaction with injected content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.5.2

Vendor Advisory: https://selectzero.io/change-log/

Restart Required: No

Instructions:

1. Back up the current configuration.
2. Upgrade to version 2025.5.2 or later.
3. Verify that legacy UI fields now properly sanitize HTML input.

🔧 Temporary Workarounds

Disable Legacy UI (applies to: all)

Disable or restrict access to legacy UI components that contain vulnerable fields.

Input Validation Filter (applies to: all)

Implement web application firewall rules or input validation to strip HTML tags from legacy UI field submissions.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution from injected content
  • Monitor and audit all user input in legacy UI fields for HTML patterns

🔍 How to Verify

Check if Vulnerable:

Check whether the installed version is below 2025.5.2, then test legacy UI fields by submitting HTML content such as <b>test</b> and observing whether it is rendered as markup (bold text) rather than as the literal string.

Check Version:

Check platform admin interface or configuration files for version information

Verify Fix Applied:

After upgrading to 2025.5.2 or later, confirm that HTML submitted to legacy UI fields is sanitized and displayed as plain text.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML patterns in user input logs
  • Multiple failed HTML injection attempts

Network Indicators:

  • HTTP requests containing HTML tags in parameter values for legacy UI endpoints

SIEM Query:

source="selectzero" AND (message="*<script>*" OR message="*<img*" OR message="*onerror=*")
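As an added example (not part of the advisory or the vendor's tooling), the SIEM query above and the "multiple failed HTML injection attempts" log indicator expressed as a small Python matcher over constructed log lines; the log line layout, field names and client IPs are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample log lines, not vendor output. The layout
# "<source> <client_ip> <field>: <message>" is an assumption for this example.
SAMPLE_LOGS = [
    "selectzero 10.0.0.5 legacy_description: quarterly <b>revenue</b> notes",
    "selectzero 10.0.0.9 legacy_title: <img src=x onerror=...>",
    "selectzero 10.0.0.9 legacy_note: <SCRIPT>...</SCRIPT>",
    "nginx 10.0.0.5 GET /health 200",
    "selectzero 10.0.0.7 legacy_description: <script>...</script>",
]

LOG_RE = re.compile(r"^(?P<source>\S+) (?P<ip>\S+) (?P<field>\S+): (?P<message>.*)$")

# The same three terms as the advisory's SIEM query, but matched case-insensitively:
# a literal glob such as *<script>* would miss <SCRIPT> in a case-sensitive engine.
HTML_TERMS = ("<script>", "<img", "onerror=")
HTML_PATTERNS = [(t, re.compile(re.escape(t), re.IGNORECASE)) for t in HTML_TERMS]


def parse_line(line):
    """Split a log line into source, client IP, field and message (None if malformed)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def matches_siem_query(line):
    """Equivalent of: source="selectzero" AND (message matches any HTML term)."""
    rec = parse_line(line)
    if rec is None or rec["source"] != "selectzero":
        return False
    return any(p.search(rec["message"]) for _, p in HTML_PATTERNS)


def find_injection_attempts(lines):
    """Return one record per matching line: client IP, field and the terms that hit."""
    hits = []
    for line in lines:
        if matches_siem_query(line):
            rec = parse_line(line)
            terms = [t for t, p in HTML_PATTERNS if p.search(rec["message"])]
            hits.append({"ip": rec["ip"], "field": rec["field"], "patterns": terms})
    return hits


def repeat_offenders(lines, threshold=2):
    """Client IPs with at least `threshold` matching submissions (the 'multiple attempts' indicator)."""
    counts = Counter(h["ip"] for h in find_injection_attempts(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Note that the harmless `<b>revenue</b>` line is not flagged: the query targets script-capable markup, not every HTML tag, so broader "any tag" monitoring of legacy fields needs its own rule.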

🔗 References
