CVE-2025-65572

6.1 MEDIUM

📋 TL;DR

This Cross-Site Scripting (XSS) vulnerability in AllskyTeam AllSky allows remote attackers to inject malicious scripts via the config, filename, or extratext parameters. When a user visits the allskySettings.php page, the injected script executes in that user's browser context. All users running the vulnerable version of AllSky are affected.

💻 Affected Systems

Products:
  • AllskyTeam AllSky
Versions: v2024.12.06_06 and potentially earlier versions
Operating Systems: All platforms running AllSky
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration and requires no special setup to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could steal administrator session cookies, perform actions as authenticated users, deface the application, or redirect users to malicious sites.

🟠 Likely Case: Session hijacking leading to unauthorized access, data theft, or website defacement.

🟢 If Mitigated: Limited impact if proper input validation and output encoding are implemented, though some risk remains.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is well-documented with public proof-of-concept available, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the official AllSky GitHub repository for security updates.
2. Apply any available patches immediately when released.
3. Review and implement input validation and output encoding fixes.

🔧 Temporary Workarounds

Input Validation and Sanitization (Platforms: all)

Implement strict input validation and output encoding for the vulnerable parameters:

# Modify allskySettings.php to validate and sanitize the config, filename, and extratext parameters
# Add htmlspecialchars() or similar encoding to the output in status_messages.php

Web Application Firewall (WAF) (Platforms: all)

Deploy a WAF with XSS protection rules:

# Configure the WAF to block suspicious parameter values containing script tags or JavaScript

🧯 If You Can't Patch

  • Restrict access to allskySettings.php to trusted IP addresses only
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Check if your AllSky version is v2024.12.06_06 or earlier by examining the software version in the interface or configuration files.

Check Version:

grep -r 'version' /path/to/allsky/installation/

or check the web interface.

Verify Fix Applied:

Test the vulnerable parameters with XSS payloads to ensure they are properly sanitized and no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in access logs for allskySettings.php
  • Multiple requests with script-like content in parameters

Network Indicators:

  • HTTP requests containing script tags or JavaScript in config, filename, or extratext parameters

SIEM Query:

source="web_access_logs" AND uri="*allskySettings.php*" AND (param="*<script>*" OR param="*javascript:*")
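The SIEM query above matches the literal strings `<script>` and `javascript:`, but these values usually arrive URL-encoded in access logs. The following script, added here as an example and not part of the AllSky project, applies the same log indicators after decoding: it reads Apache combined-format lines, keeps only requests to allskySettings.php, and flags the config, filename and extratext parameters when their decoded value looks script-like. The log lines are constructed samples; the `flag_requests` function and its pattern are assumptions of this example.

```python
"""Flag access-log requests to allskySettings.php whose config, filename or
extratext parameters carry script-like content (decoded before matching)."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

WATCHED_PARAMS = ("config", "filename", "extratext")
# Indicators from the advisory (script tags, javascript: URIs) plus the
# common inline event-handler form, matched case-insensitively after decoding.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)
# Apache combined log format: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: one benign request, two suspicious ones, one unrelated.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:12:00:01 +0000] "GET /allskySettings.php?config=settings.json HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2025:12:00:05 +0000] "GET /allskySettings.php?filename=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640
203.0.113.9 - - [10/Jan/2025:12:00:06 +0000] "GET /allskySettings.php?extratext=JAVASCRIPT%3Aalert(1) HTTP/1.1" 200 640
198.51.100.4 - - [10/Jan/2025:12:00:09 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 404 120
"""


def flag_requests(log_text):
    """Return (client_ip, parameter, decoded_value) for every suspicious hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        parts = urlsplit(m.group("uri"))
        if not parts.path.endswith("/allskySettings.php"):
            continue  # only the vulnerable page is of interest
        # parse_qs decodes one layer of URL-encoding; unquote() once more
        # catches double-encoded values that a literal string match misses.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name not in WATCHED_PARAMS:
                continue
            for value in values:
                decoded = unquote(value)
                if SUSPICIOUS.search(decoded):
                    hits.append((m.group("ip"), name, decoded))
    return hits


if __name__ == "__main__":
    for ip, name, value in flag_requests(SAMPLE_LOG):
        print(f"{ip} {name}={value!r}")
```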
