Linux Distros Unpatched Vulnerability : CVE-2025-65110

🗓️ 12 Jan 2026 00:00:00Reported by TenableType

Linux hosts expose Vega CVE-2025-65110 DOM XSS via user definitions; fixes in Vega selections 6.1.2 and 5.6.3.

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2025-65110	5 Jan 202619:29	–	circl
CNNVD	Vega 跨站脚本漏洞	5 Jan 202600:00	–	cnnvd
CVE	CVE-2025-65110	5 Jan 202621:22	–	cve
Cvelist	CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope	5 Jan 202621:22	–	cvelist
Debian CVE	CVE-2025-65110	5 Jan 202621:22	–	debiancve
EUVD	EUVD-2025-206234	5 Jan 202622:56	–	euvd
Github Security Blog	Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope	5 Jan 202622:56	–	github
NVD	CVE-2025-65110	5 Jan 202622:15	–	nvd
OSV	CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope	5 Jan 202621:22	–	osv
OSV	DEBIAN-CVE-2025-65110	5 Jan 202622:15	–	osv

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-65110
ubuntu	www.ubuntu.com/security/CVE-2025-65110
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(282586);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");

  script_cve_id("CVE-2025-65110");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-65110");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive
    visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk
    of arbitrary JavaScript code execution, even if safe mode expressionInterpreter is used. First, they use
    `vega` in an application that attaches both `vega` library and a `vega.View` instance similar to the Vega
    Editor to the global `window`, or has any other satisfactory function gadgets in the global scope. Second,
    they allow user-defined Vega `JSON` definitions (vs JSON that was is only provided through source code).
    This vulnerability allows for DOM XSS, potentially stored, potentially reflected, depending on how the
    library is being used. The vulnerability requires user interaction with the page to trigger. An attacker
    can exploit this issue by tricking a user into opening a malicious Vega specification. Successful
    exploitation allows the attacker to execute arbitrary JavaScript in the context of the application's
    domain. This can lead to theft of sensitive information such as authentication tokens, manipulation of
    data displayed to the user, or execution of unauthorized actions on behalf of the victim. This exploit
    compromises confidentiality and integrity of impacted applications.Patched versions are available in
    `[email protected]` (requires ESM) for Vega v6 and `[email protected]` (no ESM needed) for Vega
    v5. As a workaround, do not attach `vega` or `vega.View` instances to global variables or the window as
    the editor used to do. This is a development-only debugging practice that should not be used in any
    situation where Vega/Vega-lite definitions can come from untrusted parties. (CVE-2025-65110)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-65110");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-65110");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-65110");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vega.js");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vega.js");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-12", "Host/OS/Debian Linux-13", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "libjs-vega"},
          {"reference": "node-vega"}
        ]
      }
    ]
  },
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "libjs-vega"},
          {"reference": "node-vega"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "vega.js"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "vega.js"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

21 May 2026 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.18.1 - 9.3

EPSS0.00452

SSVC