XSS in Pimcore Admin-ui-classic-bundle
CVE-2025-30166
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leadi…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (0.0th percentile)
Affected products
- Pimcore Admin-ui-classic-bundle — versions < 1.7.6
Frequently asked questions
- What is CVE-2025-30166?
- CVE-2025-30166 is a vulnerability in Pimcore Admin-ui-classic-bundle, classified under Cross-site Scripting. Published 2025-04-08.
- Is CVE-2025-30166 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.