XSS in Pi-hole Web

CVE-2025-53533

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (65.4th percentile) — read the EPSS interpretation.

Affected products

Pi-hole Web — versions < 6.3

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/pi-hole/web/security/advisories/GHSA-w8f8-92rx-4f6w (x_refsource_CONFIRM)