CVE-2025-54057

6.1 MEDIUM

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in the Apache SkyWalking web UI: attacker-supplied content reaches a UI page without adequate output encoding, so script embedded in it runs in the browser of anyone who views that page, in the origin of the SkyWalking UI. It affects Apache SkyWalking 10.2.0 and earlier; 10.3.0 contains the fix.

💻 Affected Systems

Products:
  • Apache SkyWalking
Versions: <= 10.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Every deployment that exposes the web UI is affected; the flaw is in the web UI components, so backend-only deployments that do not serve the UI are not exposed through this vector.

📦 What is this software?

Apache SkyWalking is an open-source application performance monitoring (APM) and observability platform for distributed and cloud-native systems. Language agents and collectors send traces, metrics and logs to the OAP (Observability Analysis Platform) backend, and operators view them through a browser-based web UI that queries the backend's GraphQL API. That web UI is the component affected here.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who gets script into the UI can read the victim's session tokens where they are not HttpOnly, issue requests to the SkyWalking backend as the victim (including reading or altering monitored telemetry and settings), redirect the victim to attacker-controlled sites, or serve drive-by content from the trusted UI origin. XSS alone does not install software on the client; it provides the foothold in a trusted origin from which phishing or a browser exploit can follow.

🟠

Likely Case

Session hijacking, credential theft through a spoofed login form rendered inside the trusted UI, or defacement of SkyWalking UI pages.

🟢

If Mitigated

Reduced impact if a Content Security Policy that forbids inline script is enforced in front of the UI and the UI is reachable only from trusted networks. CSP limits what an injected payload can do; it does not remove the bug, so it is a stopgap until 10.3.0 is deployed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected and stored XSS are generally low-complexity to exploit once the injection point is known: the attacker needs a victim to open a crafted link or view a page containing the payload. No public exploit code was found in the references available for this page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.3.0

Vendor Advisory: https://lists.apache.org/thread/sl2x2tx8y007x0mo746yddx2lvnv9tcr

Restart Required: Yes

Instructions:

1. Download Apache SkyWalking 10.3.0 from the official Apache release channel and verify the release signature and checksum.
2. Stop the SkyWalking OAP and web UI services.
3. Back up configuration and data.
4. Replace the installation with version 10.3.0.
5. Restore and review configuration (check for renamed or new settings in the release notes).
6. Start the services and confirm the UI reports 10.3.0 or later.

🔧 Temporary Workarounds

Implement Content Security Policy

Platform: all

Add CSP headers to restrict script execution and mitigate the impact of an injected payload. The header has to be set by whatever serves the UI to browsers, which in practice means a reverse proxy in front of SkyWalking.

Baseline header: Content-Security-Policy: default-src 'self'; script-src 'self'

Caveats: script-src 'self' blocks inline scripts, inline event handlers and javascript: URLs, which is what stops most XSS payloads, but the UI itself must not depend on inline script. Roll the policy out first as Content-Security-Policy-Report-Only, confirm the UI loads and renders its dashboards without violations, then switch to the enforcing header. A policy that still contains 'unsafe-inline' in script-src gives no protection against this class of bug.
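One way to apply the policy, as an added example that is not SkyWalking project configuration: an nginx server block in front of the UI. It assumes the bundled SkyWalking webapp listens on 127.0.0.1:8080 (its default port) and that the trusted client range, hostname and certificate paths are placeholders to be replaced.

```nginx
# Added example, not part of the SkyWalking distribution.
# Fronts the SkyWalking web UI (assumed on 127.0.0.1:8080) with TLS,
# an IP allow-list and a CSP that forbids inline script.
server {
    listen 443 ssl;
    server_name skywalking.example.internal;          # placeholder
    ssl_certificate     /etc/nginx/tls/skywalking.crt; # placeholder
    ssl_certificate_key /etc/nginx/tls/skywalking.key; # placeholder

    # Restrict who can reach the UI at all (see "If You Can't Patch").
    allow 10.0.0.0/8;                                  # placeholder range
    deny  all;

    # Start in report-only mode; rename the header to
    # Content-Security-Policy once the UI is confirmed to load cleanly.
    # 'unsafe-inline' is allowed for styles only, never for scripts.
    add_header Content-Security-Policy-Report-Only
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'"
        always;

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}
```

Watch the browser console (or a report-uri collector, if you add one) for violations while exercising the dashboards; any legitimate inline script the UI needs would surface there before the policy is enforced.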

Web Application Firewall Rules

Platform: all

Configure the WAF to flag or block XSS patterns in requests to SkyWalking endpoints.

Typical blocklist patterns are <script>, javascript:, and on*= event handlers. Treat this as a detective layer rather than a fix: literal pattern matches are bypassed with URL or entity encoding, mixed case, and non-script vectors such as <svg onload=...> or <img onerror=...>, so the rule set must normalise (decode, lower-case) input before matching and will still not be complete.

🧯 If You Can't Patch

  • Restrict network access to SkyWalking web interface to trusted IPs only
  • Disable SkyWalking web interface if not required and use API-only access

🔍 How to Verify

Check if Vulnerable:

Identify the version of the OAP server and web UI that is actually deployed. If it is 10.2.0 or earlier, the deployment is vulnerable.

Check Version:

Use the version of the server-side distribution, not the agent: skywalking-agent/config/agent.config belongs to the Java agent, whose version need not match the server's. Look at the release archive name or the versioned SkyWalking jars in the unpacked distribution (for example under oap-libs/), or the version the web UI reports, if it displays one. In containerised deployments, check the image tag and confirm it maps to a release below or at 10.3.0.

Verify Fix Applied:

After the upgrade, confirm that the running OAP and web UI report 10.3.0 or later. If the original injection point is known from the advisory, re-test it and confirm the payload is rendered as text rather than executed; otherwise rely on the version check, since the vulnerable parameter is not described on this page.
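A small helper for the version check, as an added example rather than anything shipped with SkyWalking: it parses a version string into a comparable tuple (so 10.10.0 is correctly treated as newer than 10.3.0, which a plain string comparison gets wrong) and reads the version out of a directory listing. The jar name server-starter-<version>.jar under oap-libs/ is an assumption about the distribution layout, and the sample file names are constructed.

```python
"""Added example (not SkyWalking project code): classify a SkyWalking
version against the affected range (<= 10.2.0, fixed in 10.3.0) and
pull that version from an installation directory.

Assumptions: the OAP distribution ships a versioned jar named
server-starter-<version>.jar under oap-libs/; the directory layout and
the sample file names are constructed for illustration."""
import re
from pathlib import Path

FIXED_VERSION = (10, 3, 0)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# Only the SkyWalking starter jar is used as a version marker; oap-libs/
# also holds third-party jars (guava-32.x, netty-4.x, ...) that must be ignored.
MARKER_JAR_RE = re.compile(r"^(server-starter)-(\d+\.\d+\.\d+)(?:-[A-Za-z0-9.]+)?\.jar$")


def parse_version(text: str):
    """Extract the first x.y.z as an int tuple so 10.10.0 compares above 10.3.0."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_text: str) -> bool:
    """True for any release below the first fixed version."""
    return parse_version(version_text) < FIXED_VERSION


def versions_from_names(names):
    """Map marker jar name -> version string, ignoring everything else."""
    found = {}
    for name in names:
        m = MARKER_JAR_RE.match(name)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def assess(names):
    """Per marker jar: (version, vulnerable?)."""
    return {k: (v, is_vulnerable(v)) for k, v in versions_from_names(names).items()}


def assess_install(install_dir):
    """Run the same check against a real unpacked distribution directory."""
    libs = Path(install_dir) / "oap-libs"
    names = [p.name for p in libs.iterdir()] if libs.is_dir() else []
    return assess(names)


if __name__ == "__main__":
    # Constructed directory listing standing in for oap-libs/.
    sample = ["guava-32.1.3-jre.jar", "server-starter-10.2.0.jar", "netty-all-4.1.100.Final.jar"]
    print(assess(sample))
```

Run assess_install("/opt/skywalking") against a real install; an empty result means the marker jar was not found, which is a signal to check the layout rather than a clean bill of health.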

📡 Detection & Monitoring

Log Indicators:

  • Script tags, javascript: URLs or on*= event handlers in request paths or query strings to the SkyWalking UI, in raw, URL-encoded or entity-encoded form
  • Repeated requests carrying injection markers from a single source, which is typical scanner behaviour
  • Requests to UI pages with unusually long or encoded query strings

Network Indicators:

  • HTTP requests containing <script> (or its encoded forms) to SkyWalking UI endpoints
  • JavaScript fragments in POST bodies sent to the UI or its GraphQL proxy

SIEM Query (pseudo-syntax; adapt field names to your platform and decode URL encoding before matching, or the encoded variants will be missed):

source="skywalking" AND (http_request:*<script* OR http_request:*%3Cscript* OR http_request:*javascript:* OR http_request:*onload=* OR http_request:*onerror=*)
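The SIEM query above and the WAF blocklist under "Temporary Workarounds" share the same weakness: a literal substring match sees none of the encoded or mixed-case forms. The following added example (not SkyWalking project code, and not a rule from any particular SIEM or WAF product) normalises the request target before matching and runs both the naive and the normalised check over constructed sample access-log lines, so the difference is visible. The log format and field names are assumed for illustration.

```python
"""Added example (not SkyWalking project code): normalise request targets
before matching XSS indicators, run over constructed sample log lines.

The raw substring search in the SIEM query above, and a blocklist WAF rule
built the same way, miss URL-encoded, double-encoded, entity-encoded and
mixed-case payloads. Decoding and lower-casing first closes those gaps;
the log format and field names here are assumed, not SkyWalking's own."""
import html
import re
from urllib.parse import unquote

# Indicators applied to the normalised (decoded, lower-cased) value.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b"),                         # <script ...>
    re.compile(r"javascript\s*:"),                       # javascript: URLs
    re.compile(r"\bon[a-z]+\s*="),                       # inline handlers: onload=, onerror=, ...
    re.compile(r"<\s*(svg|img|iframe|object|embed)\b"),  # common non-script tag vectors
]


def normalise(value: str, rounds: int = 3) -> str:
    """Peel off stacked URL and HTML-entity encoding, then lower-case."""
    prev, cur = None, value
    for _ in range(rounds):
        if cur == prev:
            break
        prev, cur = cur, html.unescape(unquote(cur))
    return cur.lower()


def naive_match(value: str) -> bool:
    """The literal substring check from the SIEM query, kept for comparison."""
    return any(s in value for s in ("<script>", "javascript:", "onload="))


def is_suspicious(value: str) -> bool:
    """Pattern check after normalisation; this is what the SIEM rule should do."""
    norm = normalise(value)
    return any(p.search(norm) for p in XSS_PATTERNS)


# Constructed sample access-log lines (combined-log style, not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /graphql?service=order&duration=15 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /?q=<script>alert(1)</script> HTTP/1.1" 200 211',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 211',
    '10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /?q=%3CScRiPt%3Ealert(1)%3C%2FScRiPt%3E HTTP/1.1" 200 211',
    '10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 211',
    '10.0.0.9 - - [01/Jan/2025:10:00:05 +0000] "GET /?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 211',
    '10.0.0.9 - - [01/Jan/2025:10:00:06 +0000] "GET /?q=&lt;script&gt;alert(1)&lt;/script&gt; HTTP/1.1" 200 211',
]

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_logs(lines):
    """Return (target, naive_hit, normalised_hit) for each parsable log line."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        hits.append((target, naive_match(target), is_suspicious(target)))
    return hits


if __name__ == "__main__":
    for target, naive, norm in scan_logs(SAMPLE_LOGS):
        print(f"naive={naive!s:5} normalised={norm!s:5} {target}")
```

Of the six hostile lines, the naive check catches only the unencoded one; the normalised check catches all six and still leaves the benign GraphQL request alone. The same normalisation belongs in front of any WAF blocklist built from these patterns, and even then the pattern list is a starting point, not a complete filter.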
