Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-11146

Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.

Published

2025-09-29T10:15:36.837

Last Modified

2025-10-16T15:54:35.073

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apt-cacher-ng_project	apt-cacher-ng	3.2-1	Yes

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apt-cacher-ng Third Party Advisory ([email protected])