CVE-2025-24684

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 3, 2025

CWE ID 79

Summary

CVE-2025-24684 is a Cross-site Scripting (XSS) vulnerability affecting the Ederson Peka Media Downloader. The flaw, which allows Reflected XSS attacks, occurs due to improper neutralization of user input during web page generation. This issue exists in Media Downloader versions from n/a to 0.4.7.5, potentially putting users at risk of having their browsing sessions hijacked or sensitive data stolen. Attackers could exploit this vulnerability by injecting malicious scripts into web pages viewed by the victims, leading to unintended execution of malicious code in their web browsers. Users are advised to update their Media Downloader software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database