CVE-2025-9095 ExpressGateway express-gateway REST Endpoint users.js cross site scripting

🗓️ 17 Aug 2025 23:02:07Reported by VulDBType

CVE-2025-9095: ExpressGateway <=1.16.10 XSS via REST; remote exploit; publicly disclosed.

Reporter	Title	Published	Views	Family All 12
CNNVD	ExpressGateway express-gateway 代码注入漏洞	17 Aug 202500:00	–	cnnvd
CVE	CVE-2025-9095	17 Aug 202523:02	–	cve
EUVD	EUVD-2025-25146	3 Oct 202520:07	–	euvd
Github Security Blog	ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js	18 Aug 202500:30	–	github
NVD	CVE-2025-9095	17 Aug 202523:15	–	nvd
OSV	GHSA-Q4RG-7CJJ-5R86 ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js	18 Aug 202500:30	–	osv
Positive Technologies	PT-2025-33620 · Unknown · Express Gateway	17 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-9095	19 Aug 202523:19	–	redhatcve
Snyk	Cross-site Scripting (XSS)	17 Aug 202523:42	–	snyk
Veracode	Cross-Site Scripting (XSS)	10 Sep 202506:00	–	veracode

[
  {
    "vendor": "ExpressGateway",
    "product": "express-gateway",
    "versions": [
      {
        "version": "1.16.0",
        "status": "affected"
      },
      {
        "version": "1.16.1",
        "status": "affected"
      },
      {
        "version": "1.16.2",
        "status": "affected"
      },
      {
        "version": "1.16.3",
        "status": "affected"
      },
      {
        "version": "1.16.4",
        "status": "affected"
      },
      {
        "version": "1.16.5",
        "status": "affected"
      },
      {
        "version": "1.16.6",
        "status": "affected"
      },
      {
        "version": "1.16.7",
        "status": "affected"
      },
      {
        "version": "1.16.8",
        "status": "affected"
      },
      {
        "version": "1.16.9",
        "status": "affected"
      },
      {
        "version": "1.16.10",
        "status": "affected"
      }
    ],
    "modules": [
      "REST Endpoint"
    ]
  }
]

Source	Link
github	www.github.com/freshfish-hust/my-cves/issues/5
vuldb	www.vuldb.com/
github	www.github.com/freshfish-hust/my-cves/issues/5
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

17 Aug 2025 23:02Current

CVSS 3.13.5

CVSS 33.5

CVSS 24

CVSS 45.1

EPSS0.00233