Revive Adserver Under Attack: CVE-2025-52667 Exposes Stored XSS Risks

Overview

CVE-2025-52667 describes a stored Cross-Site Scripting (XSS) vulnerability found in Revive Adserver versions 6.0.1 and 5.5.2 and earlier. The vulnerability stems from a missing JSON Content-Type header in a specific script. This omission allows a logged-in manager user to inject malicious scripts that are then stored on the server and executed when other users (potentially with higher privileges) access the affected page. This can lead to account compromise, data theft, or other malicious activities.

Technical Details

The vulnerability arises due to the server’s failure to explicitly set the Content-Type header to application/json when serving JSON data from a particular script. Without this header, the browser might misinterpret the JSON response, potentially allowing it to be treated as HTML. A malicious manager user can then inject JavaScript code into a field that is later displayed in the browser. Because the script is stored, any user viewing the affected page will have the malicious code executed in their browser context.

Specifically, the attacker can inject malicious JavaScript code into an input field that expects user-supplied content and save it. When that content is later served to the browser without the Content-Type header, the XSS is triggered.

CVSS Analysis

Currently, the CVSS score and severity are listed as N/A. However, given the nature of a stored XSS vulnerability, it is likely to be classified as a medium to high severity issue once a CVSS score is calculated. Stored XSS vulnerabilities have a higher impact than reflected XSS because the payload is persistent and can affect a wider range of users.

Possible Impact

Successful exploitation of this vulnerability could lead to several detrimental consequences:

  • Account Compromise: An attacker could steal the session cookies of other users, including administrators, gaining unauthorized access to their accounts.
  • Data Theft: Sensitive data stored within the Revive Adserver instance could be exfiltrated.
  • Malware Distribution: The injected script could be used to redirect users to malicious websites or install malware on their systems.
  • Defacement: The injected script could be used to alter the appearance of the Revive Adserver interface, causing disruption and reputational damage.

Mitigation or Patch Steps

The recommended mitigation is to upgrade to a patched version of Revive Adserver that addresses this vulnerability. Specific steps include:

  1. Upgrade Revive Adserver: Check the Revive Adserver website for the latest version. Upgrade to the most recent stable release as soon as possible.
  2. Manual Header Configuration (Temporary): As a temporary measure, you can configure your web server (e.g., Apache, Nginx) to explicitly set the Content-Type: application/json header for all responses from the affected script. This requires modifying your web server’s configuration files. Consult your web server’s documentation for instructions on how to configure HTTP headers.
  3. Input Validation and Output Encoding: While not a complete fix, implementing robust input validation and output encoding can help mitigate the impact of XSS vulnerabilities. Ensure that all user-supplied data is properly validated and sanitized before being stored in the database and that all output is properly encoded before being displayed in the browser.
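To confirm that the upgrade or the temporary header workaround took effect, the check below audits a captured HTTP response for the condition described under Technical Details: a JSON body that is not declared as application/json. This is an added example, not code from the original article or from the Revive Adserver project. The two sample responses are constructed, and the X-Content-Type-Options and unescaped "<" checks are extra hardening signals assumed here, not part of the advisory.

```python
import json

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (lower-cased headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:           # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body

def audit_json_response(raw: bytes) -> list[str]:
    """Return findings for a response whose body is JSON but may render as HTML."""
    headers, body = parse_response(raw)
    try:
        json.loads(body)
    except ValueError:
        return []                                   # body is not JSON: out of scope
    findings = []
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        # The flaw on this page: the browser is free to treat the body as HTML.
        findings.append(f"json-served-as:{media_type or 'none'}")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing-nosniff")          # assumed extra hardening check
    if b"<" in body:
        # Stored values reach the response with HTML metacharacters intact.
        findings.append("unescaped-angle-bracket")
    return findings

# Constructed sample responses (not captured from a real Revive Adserver install).
VULNERABLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"
              b'{"name":"<b>campaign</b>"}')
FIXED = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
         b"X-Content-Type-Options: nosniff\r\n\r\n"
         b'{"name":"\\u003Cb\\u003Ecampaign\\u003C/b\\u003E"}')

if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, audit_json_response(raw) or "ok")
```

Feed it responses saved from your own instance's JSON endpoints; an empty list means the body is declared as JSON and carries no raw markup.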

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
