CVE-2025-61078
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A cross-site scripting (XSS) vulnerability was found in phpIPAM v1.7.3 in the Request IP form. It allows remote attackers to inject arbitrary web script or HTML via the instructions parameter at the /app/admin/instructions/edit-result.php endpoint.
Risk Assessment
An attacker can steal user sessions, redirect victims to malicious sites, or perform other actions in the victim's browser context, compromising data confidentiality and integrity.
Recommendation
Update phpIPAM to the latest patched version immediately. Also implement input validation and output encoding for the instructions parameter.
Original NVD description (English source)
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint.

