What is CVE-2025-48996?

CVE-2025-48996 is a medium-severity vulnerability in Haxtheweb Issues, classified under Insertion of Sensitive Information into Sent Data. CVSS score: 5.3/10. Published 2025-06-02.

How severe is CVE-2025-48996?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Haxtheweb Issues

CVE-2025-48996

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management…

EPSS: 0.002 (43.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Haxtheweb Issues — versions <= 10.0.2

Weakness classification (CWE)

CWE-201 — Insertion of Sensitive Information into Sent Data

References

https://github.com/haxtheweb/issues/security/advisories/GHSA-fvx2-x7ff-fc56 (x_refsource_CONFIRM)
https://github.com/haxtheweb/open-apis/commit/06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-48996?: CVE-2025-48996 is a medium-severity vulnerability in Haxtheweb Issues, classified under Insertion of Sensitive Information into Sent Data. CVSS score: 5.3/10. Published 2025-06-02.
How severe is CVE-2025-48996?: Medium severity. CVSS v3 base score is 5.3 out of 10.