CVE-2025-67834
📋 TL;DR
This vulnerability allows unauthenticated attackers to inject malicious scripts via the filter parameter in Paessler PRTG Network Monitor. When exploited, it enables cross-site scripting (XSS) attacks that can steal session cookies, redirect users, or perform actions on their behalf. All organizations running vulnerable versions of PRTG Network Monitor are affected.
💻 Affected Systems
- Paessler PRTG Network Monitor
📦 What is this software?
Paessler PRTG Network Monitor is a network and infrastructure monitoring product that is administered through a web interface; the vulnerable filter parameter is part of that web interface.
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full administrative access to PRTG, and compromise the entire monitoring infrastructure, potentially pivoting to other systems.
Likely Case
Attackers steal user session cookies to gain unauthorized access to monitoring data, modify configurations, or disrupt monitoring operations.
If Mitigated
With proper input validation and output encoding, the injected script is never executed, and the impact is limited to log entries recording the attempted exploitation.
🎯 Exploit Status
XSS vulnerabilities are commonly weaponized; unauthenticated access makes exploitation trivial for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 25.4.114 or later
Vendor Advisory: https://helpdesk.paessler.com/en/support/solutions/articles/76000087289-vulnerabilities-in-prtg-prior-v25-4-114-1032
Restart Required: Yes
Instructions:
1. Download PRTG Network Monitor version 25.4.114 or later from the Paessler website.
2. Back up the current configuration.
3. Run the installer to upgrade.
4. Restart the PRTG services.
5. Verify the version in the web interface.
🔧 Temporary Workarounds
Input Validation Filter (scope: all)
Implement web application firewall or reverse proxy rules to sanitize filter parameter inputs
Access Restriction (scope: all)
Restrict web interface access to trusted IP addresses only
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Deploy web application firewall with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check the PRTG version in the web interface: Settings > System Administration > License Information
Check Version:
On the PRTG server, run Get-ItemProperty 'HKLM:\SOFTWARE\Paessler\PRTG Network Monitor' -Name Version (Windows) or cat /usr/local/prtg/version.txt (Linux)
Verify Fix Applied:
Confirm the version is 25.4.114 or higher on the License Information page
📡 Detection & Monitoring
Log Indicators:
- Unusual filter parameter values in web logs
- Multiple failed login attempts followed by filter parameter manipulation
Network Indicators:
- HTTP requests with suspicious JavaScript in filter parameter
- Unusual traffic patterns to PRTG web interface
SIEM Query:
source="prtg_web_logs" AND (filter CONTAINS "<script>" OR filter CONTAINS "javascript:")
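The SIEM query above matches only the literal strings "<script>" and "javascript:", so a URL-encoded, double-encoded, or mixed-case filter value slips past it. The following detection logic is an added example, not part of the advisory or of PRTG: it parses constructed web-server access log lines (the /sensors.htm request path and the log layout are assumptions), fully percent-decodes the filter parameter, and applies the advisory's two indicators case-insensitively.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Indicators taken from the advisory's SIEM query, compared case-insensitively
INDICATORS = ("<script", "javascript:")

# Constructed sample access log lines (not real PRTG logs). The request path
# and the log layout are assumptions; only the "filter" parameter name and
# the two indicators come from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /sensors.htm?filter=status%3Dup HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2025:10:00:01 +0000] "GET /sensors.htm?filter=%3Cscript%3E HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /sensors.htm?filter=%253CScRiPt%253E HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /sensors.htm?filter=JavaScript%3A HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /index.htm HTTP/1.1" 200 100
"""

# Combined-log-format style line: source IP, timestamp, request line, status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double encoding is common)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_filter_indicators(log_text):
    """Return one hit per request whose decoded filter value contains an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash the scan
        query = urlsplit(m.group("target")).query
        # parse_qs decodes one layer; fully_decode handles the remaining layers
        for raw in parse_qs(query, keep_blank_values=True).get("filter", []):
            value = fully_decode(raw).lower()
            matched = [ind for ind in INDICATORS if ind in value]
            if matched:
                hits.append({"src": m.group("src"), "ts": m.group("ts"),
                             "filter": value, "indicators": matched})
    return hits


if __name__ == "__main__":
    for hit in find_filter_indicators(SAMPLE_LOG):
        print(hit)
```

Feed the function your own web-server or reverse-proxy access log text; a clean benign filter value such as status=up produces no hit, while encoded and mixed-case variants of the advisory's indicators are still caught.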