9.6

CVE-2025-69771

EPSS 0.05%
Veröffentlicht 25.02.2026 00:00:00
Zuletzt bearbeitet 20.03.2026 19:16:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the same-site context, it can bypass cross-origin restrictions, leading to unauthorized same-site API requests and session data exfiltration.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Killergerbah ≫ Asbplayer SwPlatformchrome Version <= 1.13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://reve-offensive.tistory.com/35

Third Party Advisory

https://github.com/killergerbah/asbplayer

https://nvd.nist.gov/vuln/detail/CVE-2025-69771

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69771

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69771

EUVD