CVE 9.1 CRITICAL

CVE-2025-63416_CVE-2025-63416

November 5, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrative data and functions, leading to privilege escalation and full compromise of sensitive user data, as demonstrated by the ability to fetch and exfiltrate the contents of the /admin/users endpoint.

AI Analysis

Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality

Basic Information

ID CVE-2025-63416

Source mitre

Published Nov 5, 2025 at 00:00

Modified Nov 5, 2025 at 19:08

Affected Product

Vendor SelfBest

Product SelfBest

Version 2023.3

Affected Versions n/a n/a n/a

CWE Classification

CWE-79

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor SelfBest

Product SelfBest platform

Version 2023.3

References

{
    "lastseen": "",
    "description": "** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrative data and functions, leading to privilege escalation and full compromise of sensitive user data, as demonstrated by the ability to fetch and exfiltrate the contents of the /admin/users endpoint.",
    "published": "2025-11-05T00:00:00.000Z",
    "modified": "2025-11-05T19:08:09.280Z",
    "type": "cve",
    "title": "CVE-2025-63416",
    "source": "mitre",
    "references": "https://self.best\nhttps://rohitchaudhary045.medium.com/cve-2025-63416-the-admin-panel-heist-stored-xss-to-privilege-escalation-b4c69d8487f1",
    "id": "CVE-2025-63416",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SelfBest",
    "version": "2023.3",
    "vendor": "SelfBest",
    "ai_description": "Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality",
    "ai_severity": "Critical",
    "ai_vendor": "SelfBest",
    "ai_product": "SelfBest platform",
    "ai_version": "2023.3",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply