CVE-2025-1647: XSS in Bootstrap title attribute for Tooltip and Popover

Q: What is the severity of CVE-2025-1647?

CVE-2025-1647 has been classified as a Cross-Site Scripting (XSS) vulnerability which can lead to serious security risks if exploited.

Q: How do I fix CVE-2025-1647?

To fix CVE-2025-1647, update Bootstrap to version 4.0.0 or later to eliminate the vulnerability.

Q: What versions of Bootstrap are affected by CVE-2025-1647?

CVE-2025-1647 affects Bootstrap versions from 3.4.1 up to but not including 4.0.0.

Q: What type of vulnerability is CVE-2025-1647?

CVE-2025-1647 is categorized as a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input.

Q: Can CVE-2025-1647 be exploited remotely?

Yes, CVE-2025-1647 can be exploited remotely, allowing attackers to inject malicious scripts into web pages viewed by users.

Published May 15, 2025

Updated

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

Affected Software

1 affected component

Bootstrap Bootstrap>4.0.0, <=3.4.1

Event History

May 15, 2025

CVE Published

via MITRE·04:26 PM

Data Sourced

via MITRE·04:26 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·05:15 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2025-1647?

CVE-2025-1647 has been classified as a Cross-Site Scripting (XSS) vulnerability which can lead to serious security risks if exploited.

How do I fix CVE-2025-1647?

To fix CVE-2025-1647, update Bootstrap to version 4.0.0 or later to eliminate the vulnerability.

What versions of Bootstrap are affected by CVE-2025-1647?

CVE-2025-1647 affects Bootstrap versions from 3.4.1 up to but not including 4.0.0.

What type of vulnerability is CVE-2025-1647?

CVE-2025-1647 is categorized as a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input.

Can CVE-2025-1647 be exploited remotely?