CVE-2025-13488
December 04, 2025
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user context.
Affected Packages
https://github.com/sonatype/nexus-public.git (GITHUB):
Affected version(s) >=release-3.83.0-08 <release-3.87.0-03Fix Suggestion:
Update to version release-3.87.0-03org.sonatype.nexus:nexus-base (JAVA):
Affected version(s) >=3.83.0-08 <3.87.0-03Fix Suggestion:
Update to version 3.87.0-03org.sonatype.nexus.plugins:nexus-repository-httpbridge (JAVA):
Affected version(s) >=3.83.0-08 <3.87.0-03Fix Suggestion:
Update to version 3.87.0-03Do you need more information?
Contact UsCVSS v4
Base Score:
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EPSS
Base Score:
0.07
