
CVE-2025-52842 is a medium-severity reflected Cross-Site Scripting (XSS) vulnerability in Laundry 2.3.0, a desktop application for Linux and macOS. By injecting malicious scripts into specific inputs, an attacker can execute code to hijack user sessions or take over accounts.
Vulnerability Details
- CVE ID: CVE-2025-52842
- Affected Software: Laundry (v2.3.0) on Linux and macOS
- CWE Identifier: CWE-79 – Improper Neutralization of Input During Web Page Generation (Reflected XSS)
- CVSS v4.0 Score: 5.1 (Medium); network-based, low complexity, requires user interaction
- CVSS v3.0 Score: 6.1 (Medium)
- Attack Vector: Network
- Privileges Required: None
- User Interaction: Required (e.g., clicking a manipulated link)
- Scope: Changed (affects the application’s session state)
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Exploitation Path
An attacker can craft a malicious URL or input value that, when opened by a user in the Laundry app, executes JavaScript in the context of the application. This could allow session hijacking, redirection, or other script-based attacks.
Mitigation Steps
To protect against this vulnerability:
- Update Laundry: Wait for and apply the patched version once available.
- Sanitize Input: Ensure any user-provided strings are escaped before rendering in HTML contexts.
- Avoid Untrusted Links: Remind users to only open links from trusted sources.
- Monitor Sessions: Watch for unexpected session behavior or unauthorized access.
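To make the "Sanitize Input" step concrete, here is an added example (not code from Laundry or from the advisory; the search-results view and its function names are hypothetical) that contrasts a handler reflecting a query verbatim into HTML with one that escapes it at the HTML boundary, plus a check that rendered output contains only the tags the template itself emits:

```javascript
// Added example, not taken from Laundry: a hypothetical "search results"
// view that reflects user input, shown unescaped (CWE-79) and escaped.

// Minimal escaper for an HTML text/attribute context: the five characters
// that can terminate text content or an attribute value.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  // Single-pass replacement, so already-escaped output is never re-escaped.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query is concatenated straight into markup, so
// any '<' in it becomes a real tag in the rendered page.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened pattern: escape exactly where the string enters HTML.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Defensive check for unit tests or output review: every tag name found in
// the rendered HTML must be one the template is known to emit.
function onlyTemplateTags(html, allowedTags) {
  const allowed = new Set(allowedTags.map((t) => t.toLowerCase()));
  const tagPattern = /<\/?([a-z][a-z0-9-]*)/gi;
  for (const match of html.matchAll(tagPattern)) {
    if (!allowed.has(match[1].toLowerCase())) return false;
  }
  return true;
}

// Constructed sample input containing markup, an ampersand and quotes.
const SAMPLE_QUERY = '<b>coats</b> & "jeans"';

console.log('unsafe:', renderSearchUnsafe(SAMPLE_QUERY));
console.log('safe:  ', renderSearchSafe(SAMPLE_QUERY));
console.log('unsafe passes check:', onlyTemplateTags(renderSearchUnsafe(SAMPLE_QUERY), ['p']));
console.log('safe passes check:  ', onlyTemplateTags(renderSearchSafe(SAMPLE_QUERY), ['p']));
```

The same `onlyTemplateTags` check can be run over rendered views in a test suite to catch any reflection point that bypasses the escaper.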
References & Attribution
- NVD entry for CVE-2025-52842 (National Vulnerability Database summary): https://nvd.nist.gov/vuln/detail/CVE-2025-52842
- MITRE CVE Program (source of CVE metadata and classification), © 1999–2025 The MITRE Corporation, licensed under the MITRE CVE Terms of Use: https://www.cve.org/Legal/TermsOfUse
- Laundry source repository: https://github.com/mohaiminur/laundry
- Fluid Attacks advisory (winehouse): https://fluidattacks.com/advisories/winehouse