CVE-2025-30219: RabbitMQ has XSS Vulnerability in an Error Message in Management UI
Published Mar 25, 2025
Last updated 31 March 2025
Affected Software
3 affected components; fixes available

Component: debian/rabbitmq-server
  Affected: <=3.8.9-3+deb11u1, <=3.10.8-1.1+deb12u1
  Fixed in: 4.0.5-3

Component: Pivotal RabbitMQ
  Affected: <4.0.3

Component: Pivotal Tanzu RabbitMQ
  Affected: <4.0.3, <3.13.8
Event History
Mar 25, 2025
  10:55 PM  CVE published via MITRE
  10:55 PM  Data sourced via MITRE (description, severity, weakness)
  11:15 PM  Data sourced via NVD (description, severity, weakness)

Mar 31, 2025
  07:13 PM  Data sourced via Ubuntu (remedy, description, severity, affected software)
  07:14 PM  Data sourced via Debian (description, affected software)
Frequently Asked Questions
1. What is the severity of CVE-2025-30219?
CVE-2025-30219 has a high severity level due to its potential for arbitrary JavaScript code execution.

2. How do I fix CVE-2025-30219?
To resolve CVE-2025-30219, upgrade your RabbitMQ or Tanzu RabbitMQ installation to version 4.0.3 or higher.

3. What types of software are affected by CVE-2025-30219?
CVE-2025-30219 affects RabbitMQ versions prior to 4.0.3 and Tanzu RabbitMQ versions prior to 3.13.8 and 4.0.3.

4. What attacks are possible due to CVE-2025-30219?
CVE-2025-30219 allows attackers to modify virtual host names on disk and potentially execute arbitrary JavaScript code.

5. Is CVE-2025-30219 a local or remote vulnerability?
CVE-2025-30219 is considered a remote vulnerability, as it can be exploited over the network.