CVE-2025-22582

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 352

Summary

CVE-2025-22582 is a recently disclosed vulnerability affecting Uptime Robot, a popular website and server monitoring tool. The issue is a Cross-Site Request Forgery (CSRF) vulnerability combined with a Stored Cross-Site Scripting (XSS) flaw. An attacker could exploit the CSRF vulnerability to execute malicious code in a user's web browser, resulting in potential data theft or unauthorized account actions. The Stored XSS flaw amplifies this risk because it allows attackers to inject and save malicious scripts on the target website for later use. Uptime Robot versions up to and including 0.1.3 are reportedly impacted; no starting version is specified. Users are strongly advised to upgrade to a secure version as soon as possible to mitigate these risks.
