CVE-2025-7885 – This vulnerability allows attackers to inject m... (How to Fix)

Q: What is the severity of CVE-2025-7885?

CVE-2025-7885 has a CVSS score of 4.3 (MEDIUM). This vulnerability allows attackers to inject malicious scripts into the WebSSH login page via manipulated hostname or port parameters. It affects Huashengdun WebSSH versions up to 1.6.2, enabling cross-site scripting attacks that can steal credentials or hijack sessions. The vulnerability is remotely exploitable and affects all users of vulnerable versions.

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the WebSSH login page via manipulated hostname or port parameters. It affects Huashengdun WebSSH versions up to 1.6.2, enabling cross-site scripting attacks that can steal credentials or hijack sessions. The vulnerability is remotely exploitable and affects all users of vulnerable versions.

💻 Affected Systems

Products:

Huashengdun WebSSH

Versions: Up to and including 1.6.2

Operating Systems: All platforms running WebSSH

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with the vulnerable component enabled are affected. The login page component is typically enabled by default.

📦 What is this software?

Webssh by Huashengdun

View all CVEs affecting Webssh →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal administrator credentials, gain full system access, pivot to internal networks, and deploy ransomware or data exfiltration tools.

🟠

Likely Case

Session hijacking leading to unauthorized SSH access to managed systems, credential theft from legitimate users, and potential lateral movement.

🟢

If Mitigated

Limited to session disruption or minor data leakage if proper input validation and output encoding are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing instances prime targets.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges or move laterally within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in GitHub repositories. The vulnerability requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

1. Monitor the official GitHub repository for patches. 2. Consider alternative WebSSH solutions if no patch is forthcoming. 3. Implement workarounds immediately.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation to sanitize hostname and port parameters before processing

# Example for nginx: location /webssh { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; }

WAF Rule Implementation

all

Deploy web application firewall rules to block XSS payloads in hostname and port parameters

# ModSecurity rule: SecRule ARGS:hostname "@rx <script" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

Isolate WebSSH instances behind authentication gateways or VPNs
Implement Content Security Policy headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Test by injecting basic XSS payloads into hostname/port fields: <script>alert('test')</script>

Check Version:

Check package.json or application metadata for version number

Verify Fix Applied:

Verify that script tags in hostname/port parameters are properly sanitized or rejected

📡 Detection & Monitoring

Log Indicators:

Unusual length hostname/port parameters
Requests containing script tags or JavaScript in URL parameters
Multiple failed login attempts from same IP with varying parameters

Network Indicators:

HTTP requests with encoded script tags in parameters
Unusual traffic patterns to /login endpoints

SIEM Query:

source="webssh.log" AND (hostname="*<script*" OR port="*javascript:*")

📊 Metadata

CVE ID: CVE-2025-7885

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: CWE-79

EPSS Score: 0.06% exploit probability (17.4th percentile)

Published: July 20, 2025

Last Updated: September 15, 2025

🔗 References

https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-7885.md Exploit,Third Party Advisory
https://github.com/huashengdun/webssh/issues/410 Issue Tracking,Patch
https://vuldb.com/?ctiid.317000 Permissions Required,VDB Entry
https://vuldb.com/?id.317000 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.613610 Third Party Advisory,VDB Entry
https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-7885.md Exploit,Third Party Advisory
https://github.com/huashengdun/webssh/issues/410 Issue Tracking,Patch

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7885, you might also want to check these: