EUVD-2025-198335

🗓️ 20 Nov 2025 21:30:32Reported by EUVDType

Missing JSON Content-Type header in Revive Adserver versions enables stored cross site scripting for logged in managers.

Reporter	Title	Published	Views	Family All 9
CNNVD	Revive Adserver 安全漏洞	20 Nov 202500:00	–	cnnvd
CNVD	Revive Adserver Cross-Site Scripting Vulnerability	24 Nov 202500:00	–	cnvd
CVE	CVE-2025-52667	20 Nov 202519:10	–	cve
Cvelist	CVE-2025-52667	20 Nov 202519:10	–	cvelist
Hacker One	Revive Adserver: Stored XSS on inventory-retrieve.php	25 Oct 202521:24	–	hackerone
NVD	CVE-2025-52667	20 Nov 202520:16	–	nvd
Positive Technologies	PT-2025-47617	20 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-52667	21 Nov 202519:37	–	redhatcve
Vulnrichment	CVE-2025-52667	20 Nov 202519:10	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "e31fd17d-3ffe-3a5b-b1ea-c204c6fc4a0b",
        "vendor": {
          "name": "Revive"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3b118bdd-2519-36d6-9189-fa23cccd38ab",
        "product": {
          "name": "Revive Adserver"
        },
        "product_version": "5 ≤5.5.2"
      },
      {
        "id": "9c309fab-17b8-3ff4-a2f6-9b67ae2eb52b",
        "product": {
          "name": "Revive Adserver"
        },
        "product_version": ""
      },
      {
        "id": "acf65e09-a85c-3733-9616-329ce05f5930",
        "product": {
          "name": "Revive Adserver"
        },
        "product_version": "6 ≤6.0.1"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/3399809
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-52667

20 Nov 2025 21:30Current

4.1Medium risk

Vulners AI Score4.1

CVSS 33.5

EPSS0.00016

SSVC