XSS in Namelessmc Nameless
CVE-2025-54117
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the d…
EPSS: 0.001 (17.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Namelessmc Nameless — versions < 2.2.4
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/NamelessMC/Nameless/security/advisories/GHSA-gp3j-j84w-vqxx (x_refsource_CONFIRM)
- https://github.com/NamelessMC/Nameless/commit/0e77706b2966dd9f2e30502126d6581ecc001f09 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-54117?
- CVE-2025-54117 is a critical-severity vulnerability in Namelessmc Nameless, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 9.1/10. Published 2025-08-18.
- How severe is CVE-2025-54117?
- Critical severity. CVSS v3 base score is 9.1 out of 10.
- Is CVE-2025-54117 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.