CVE-2025-29156: XSS
Published Sep 25, 2025
Cross-site scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script sent to the /api/v3/pet endpoint.
Affected Software
2 affected components
petstore petstore
SMARTBEAR Swagger Petstore=1.0.7
Event History
Sep 25, 2025
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description
Data Sourced (via NVD, 07:15 PM): Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-29156?
CVE-2025-29156 is classified as a high-severity vulnerability due to its potential for remote code execution via cross-site scripting.
2. How do I fix CVE-2025-29156?
To mitigate CVE-2025-29156, ensure proper input validation and output encoding in the petstore application to prevent script injection.
3. What software is affected by CVE-2025-29156?
CVE-2025-29156 specifically affects petstore version 1.0.7.
4. Can CVE-2025-29156 lead to data theft?
Yes, CVE-2025-29156 could potentially allow attackers to steal sensitive information through executed scripts.
5. Is CVE-2025-29156 easy to exploit?
CVE-2025-29156 can be exploited easily by sending a crafted script to the vulnerable API endpoint.