CVE-2025-67833

6.1 MEDIUM

📋 TL;DR

CVE-2025-67833 is a cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor. An attacker who needs no PRTG account can inject script through the tag parameter; the script runs in the browser of a PRTG user who loads the crafted content, with that user's session. Affected: PRTG Network Monitor versions before 25.4.114. Successful exploitation can lead to session hijacking, credential theft, actions performed in the victim's name inside PRTG, or redirection to attacker-controlled sites.

💻 Affected Systems

Products:
  • Paessler PRTG Network Monitor
Versions: All versions before 25.4.114
Operating Systems: Windows (the PRTG core server, which hosts the web interface, runs only on Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: Every PRTG installation whose web interface is reachable by an attacker, or by a PRTG user who can be lured to a crafted link, is affected. No special configuration is required.

📦 What is this software?

PRTG Network Monitor is Paessler's commercial infrastructure monitoring product. A Windows core server polls devices through sensors (SNMP, WMI, flow, HTTP and others) and exposes a web interface and HTTP API for administration and dashboards. Because the core server stores the credentials it uses to reach monitored devices, a compromised PRTG administrator session is a high-value foothold.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker hijacks an administrator's session or steals administrator credentials, takes full control of PRTG, harvests the device credentials PRTG stores for monitoring (SNMP communities, WMI/SSH accounts), pivots into the monitored network with them, and ultimately deploys ransomware across the monitored infrastructure.

🟠

Likely Case

Attacker hijacks user sessions, steals credentials, redirects users to phishing sites, or defaces the PRTG interface.

🟢

If Mitigated

Script execution is blocked, for example by a Content Security Policy enforced at a reverse proxy or by WAF filtering of the tag parameter, limiting impact to minor interface disruption. Do not count on the browser alone: current Chrome, Edge and Firefox ship no built-in reflected-XSS filter.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known at the time of writing)
Weaponized: LIKELY (assessment based on the bug class; no in-the-wild use is reported here)
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS bugs of this kind are routinely weaponized, and a monitoring console is an attractive target because its administrators are often logged in with high-privilege sessions. Because no PRTG account is needed, anyone who can get a PRTG user to open a crafted link can trigger it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.4.114 or later

Vendor Advisory: https://helpdesk.paessler.com/en/support/solutions/articles/76000087289-vulnerabilities-in-prtg-prior-v25-4-114-1032

Restart Required: Yes

Instructions:

1. Back up the current PRTG configuration (PRTG Configuration.dat in the PRTG data directory, or a core server backup) before touching the installation.
2. Download the PRTG 25.4.114 or later installer from the Paessler website.
3. Run the installer with administrator privileges on the core server; it stops and restarts the PRTG core server and probe services.
4. After the restart, confirm the new version in the web interface and check that remote probes have reconnected.

🔧 Temporary Workarounds

Web Application Firewall (WAF) (applies to: all affected versions)

Deploy WAF or reverse-proxy rules that reject requests whose tag parameter contains script markup. Match on URL-decoded values: real payloads arrive percent-encoded (%3Cscript) or double-encoded, so a rule that only looks for a literal <script will be bypassed. This reduces exposure but does not remove the bug.

Network Segmentation (applies to: all affected versions)

Restrict the PRTG web interface to trusted management networks and VPN users. This shrinks the attacker population but does not stop the attack against an internal user who is lured to a crafted link, since the victim's own browser issues the request.

🧯 If You Can't Patch

  • Front PRTG with a reverse proxy that adds a Content Security Policy header. Expect a strict script-src to break parts of the PRTG web UI; roll the policy out in Content-Security-Policy-Report-Only mode first and tune it before enforcing.
  • Run the same reverse proxy with an XSS-filtering rule set (for example the OWASP Core Rule Set) over all PRTG web traffic, and log what it blocks so attempts are visible to the SOC.

🔍 How to Verify

Check if Vulnerable:

Check the PRTG version in the web interface: it is shown in the page footer and under Setup → PRTG Status. Anything below 25.4.114 is vulnerable.

Check Version:

On the PRTG core server (Windows; PRTG Network Monitor does not run on Linux), in PowerShell, read the installed version from the uninstall registry entry:

Get-ItemProperty 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object DisplayName -like 'PRTG*' | Select-Object DisplayName, DisplayVersion

or read the file version of the core server binary (adjust the path if PRTG was installed elsewhere):

(Get-Item 'C:\Program Files (x86)\PRTG Network Monitor\PRTG Server.exe').VersionInfo.ProductVersion

PRTG is a 32-bit application, so on 64-bit Windows its registry keys sit under Wow6432Node and its binaries under Program Files (x86).

Verify Fix Applied:

Confirm version is 25.4.114 or higher in Version Information page

📡 Detection & Monitoring

Log Indicators:

  • tag parameter values containing markup or script (after URL decoding): <script, javascript:, onerror=, onload=, <img, <svg
  • Script-like payloads in any other URL parameter of PRTG requests
  • Bursts of requests from one client with many different tag values (scanner or fuzzer behaviour), including 4xx responses from a WAF

Network Indicators:

  • HTTP requests with suspicious script tags in parameters
  • Unusual traffic patterns to PRTG web interface

SIEM Query:

source="prtg_web.log" uri="*tag=*" AND (uri="*<script*" OR uri="*%3Cscript*" OR uri="*javascript:*" OR uri="*javascript%3A*" OR uri="*onerror=*" OR uri="*onerror%3D*")

Field names (source, uri) depend on how your SIEM parses the web logs. Match both the literal and the percent-encoded forms: a browser sends the payload encoded, so a query that only looks for a literal <script will miss most real attempts.
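A literal-substring SIEM search still misses double-encoded payloads. The following Python script, added to this page as an illustration and not Paessler's or the vendor's code, parses access-log lines, decodes the tag parameter until the string stops changing, and flags script markers in the result. The Common Log Format, the placeholder /index.htm path and the sample lines are constructed assumptions; the page does not identify which PRTG URL accepts the tag parameter.

```python
"""Scan web-access logs for script injection in PRTG's tag parameter.

Added example for this advisory; not Paessler code. The log lines below are
constructed in Common Log Format with placeholder paths (the page does not
name the PRTG URL that takes tag=); adapt LOG_RE to your proxy or IIS format.
"""
import re
from html import unescape
from urllib.parse import parse_qs, unquote, urlsplit

# Common Log Format: client ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Markers of script injection, checked only after the value is fully decoded.
# \bon[a-z]+\s*= catches onerror=/onload= without firing on "conversion=".
XSS_RE = re.compile(
    r'<\s*script|javascript\s*:|\bon[a-z]+\s*=|'
    r'<\s*(?:img|svg|iframe|body|object|embed)\b|\bsrcdoc\s*=',
    re.IGNORECASE,
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent- and HTML-entity-decode until the string stops changing.

    A literal SIEM match sees only "%3Cscript"; attackers also double-encode
    ("%253C") to slip past single-pass decoders, so decode repeatedly.
    """
    for _ in range(max_rounds):
        decoded = unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target: str, watch=("tag",)) -> dict:
    """Return {param: decoded value} for watched query params that look like XSS."""
    hits = {}
    query = urlsplit(target).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() not in watch:
            continue
        for raw in values:  # parse_qs already removed one encoding layer
            decoded = decode_fully(raw)
            if XSS_RE.search(decoded):
                hits[name] = decoded
    return hits


def scan(lines) -> list:
    """Return one finding per log line whose tag parameter carries a payload."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({
                "client": m.group("client"),
                "time": m.group("ts"),
                "status": m.group("status"),
                "payload": hits["tag"],
            })
    return findings


# Constructed sample: one benign lookup, three encoded payloads, one unrelated POST.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2025:10:01:02 +0000] "GET /index.htm?tag=prod-web HTTP/1.1" 200 1532',
    '203.0.113.9 - - [10/Dec/2025:10:01:05 +0000] "GET /index.htm?tag=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Dec/2025:10:02:11 +0000] "GET /index.htm?tag=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Dec/2025:10:02:12 +0000] "GET /index.htm?tag=javascript%3Aalert(1) HTTP/1.1" 200 812',
    '203.0.113.5 - - [10/Dec/2025:10:03:00 +0000] "POST /index.htm HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} HTTP {f['status']} tag={f['payload']!r}")
```

Run it against the sample and three of the five lines are reported: the plain `<script>` payload, the double-encoded `<img onerror>` payload that a single-decode search would miss, and the `javascript:` URI. The benign `tag=prod-web` lookup and the POST without a query string produce nothing. Point `scan()` at real proxy or IIS logs after adjusting LOG_RE, and widen the `watch` tuple if you want every parameter inspected rather than only tag.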
