What is the severity of CVE-2025-27155?

CVE-2025-27155 is classified as a medium severity vulnerability due to its potential impact on user data security.

How do I fix CVE-2025-27155?

To fix CVE-2025-27155, upgrade to the Pinecone Simulator version beyond commit ea4c337 where the vulnerability has been addressed.

What specific vulnerability is present in CVE-2025-27155?

CVE-2025-27155 involves a stored cross-site scripting vulnerability in the Pinecone Simulator.

Is CVE-2025-27155 present in all versions of Pinecone Simulator?

CVE-2025-27155 is only present in Pinecone Simulator versions up to and including commit ea4c337.

Who is affected by CVE-2025-27155?

Users of the Pinecone Simulator up to version ea4c337 are susceptible to CVE-2025-27155.

Vulnerability/
CVE-2025-27155

medium

6.1

CWE

79 80

EPSS

0.043%

4/3/2025

CVE-2025-27155: In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim

First published: Tue Mar 04 2025(Updated: )

### Impact The Pinecone Simulator (pineconesim) included in Pinecone up to commit https://github.com/matrix-org/pinecone/commit/ea4c33717fd74ef7d6f49490625a0fa10e3f5bbc is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconsim. ### Patches Commit https://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd contains the fixes. ### Workarounds N/A ### For more information If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Pinecone Simulator	<=ea4c337
go/github.com/matrix-org/pinecone	<=0.11.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-27155?
CVE-2025-27155 is classified as a medium severity vulnerability due to its potential impact on user data security.
How do I fix CVE-2025-27155?
To fix CVE-2025-27155, upgrade to the Pinecone Simulator version beyond commit ea4c337 where the vulnerability has been addressed.
What specific vulnerability is present in CVE-2025-27155?
CVE-2025-27155 involves a stored cross-site scripting vulnerability in the Pinecone Simulator.
Is CVE-2025-27155 present in all versions of Pinecone Simulator?
CVE-2025-27155 is only present in Pinecone Simulator versions up to and including commit ea4c337.
Who is affected by CVE-2025-27155?
Users of the Pinecone Simulator up to version ea4c337 are susceptible to CVE-2025-27155.

collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/first-publish-date
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/softwarecombine
agent/description
agent/event
agent/references
collector/nvd-cve
collector/github-advisory-latest
source/GitHub
alias/GHSA-fr62-mg2q-7wqv
alias/CVE-2025-27155
agent/last-modified-date
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/pinecone
canonical/pinecone simulator
package-manager/go

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.