CVE-2025-67202
mediumCVSS v3 Base Score
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Sidekiq-cron, an open-source scheduling add-on for Sidekiq. A remote attacker could exploit this cross-site scripting (XSS) vulnerability by injecting malicious scripts into a crafted URL. When this URL is rendered from `cron.erb`, the attacker's script would execute in the victim's browser, potentially leading to information disclosure or session hijacking.
CWE
CWE-79Affected Products
Red Hat 3scale API Management Platform 2