CVE-2025-24320

CVSS 3.1 Score 8 of 10 (high)

Details

Published Feb 5, 2025
CWE ID 79

Summary

CVE-2025-24320 is a stored cross-site scripting (XSS) vulnerability in the BIG-IP Configuration utility. An attacker can inject malicious JavaScript into an undisclosed page, where it is executed in the context of the currently logged-in user. The vulnerability stems from an incomplete fix for a previously identified XSS flaw, CVE-2024-31156. Only software versions that still receive technical support are evaluated for this issue.
