CVE-2025-30158

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Apr 18, 2025

Updated: May 13, 2025

CWE ID 400

Summary

CVE-2025-30158 is a vulnerability affecting the NamelessMC Minecraft server software. In versions prior to 2.2.0, the forum integrated with NamelessMC allows users to post iframe elements in forum topics, comments, and feeds without restrictions on width and height attributes. An authenticated attacker can exploit this weakness by injecting oversized iframes, resulting in a UI-based denial of service (DoS) attack. This issue disrupts normal user interactions by blocking the forum UI with the injected iframes. The vulnerability has been mitigated in version 2.2.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Namelessmc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4bZ9j0
https://www.cve.org/CVERecord?id=CVE-2025-30158
https://nvd.nist.gov/vuln/detail/CVE-2025-30158

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners

CVE-2025-30158

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations