XSS in Pi-hole Web

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Ad…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (8.2th percentile) — read the EPSS interpretation.

Affected products

Pi-hole Web — versions < 6.3

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/pi-hole/web/security/advisories/GHSA-7w6h-3gwc-qhq5 (x_refsource_CONFIRM)