CVE-2025-67202

medium Red Hat
CVSS v3 Base Score
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: May 7, 2026 (64 days ago)
Last Modified: May 7, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Sidekiq-cron, an open-source scheduling add-on for Sidekiq. A remote attacker could exploit this cross-site scripting (XSS) vulnerability by injecting malicious scripts into a crafted URL. When this URL is rendered from `cron.erb`, the attacker's script would execute in the victim's browser, potentially leading to information disclosure or session hijacking.

CWE

CWE-79

Affected Products

Red Hat 3scale API Management Platform 2

References