Home > Vulnerability Database > CVE-2025-11360

Mend.io Vulnerability Database

CVE-2025-11360

Good to know:

Date: October 7, 2025

A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to version 1.13.2 is sufficient to resolve this issue. The patch is identified as e11de9dd6b4ea6b7ec9a5607a920d48961e9fa50. The affected component should be upgraded.

Severity Score

4.3

Related Resources (7)

Url: https://vuldb.com/?id.327247

Url: https://github.com/jakowenko/double-take/commit/e11de9dd6b4ea6b7ec9a5607a920d48961e9fa50

Url: https://vuldb.com/?ctiid.327247

Url: https://github.com/jakowenko/double-take/releases/tag/v1.13.2

Url: https://vuldb.com/?submit.664967

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11360

Url: https://www.mend.io/vulnerability-database/CVE-2025-11360

Severity Score

4.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version https://github.com/jakowenko/double-take.git - v1.13.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11360

Good to know:

Date: October 7, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?