CWE: 79

CVE-2025-30219: RabbitMQ has XSS Vulnerability in an Error Message in Management UI

First published: Tue Mar 25 2025

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack in which a virtual host name on disk is modified and the virtual host is then made unrecoverable (through other on-disk file modifications); the outcome is arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions display an error message (a notification) in the management UI. That error message includes the virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3 and 3.13.8. An attack that both makes a virtual host fail to start and either creates a new virtual host whose name contains an XSS code snippet or changes the name of an existing virtual host on disk could therefore trigger arbitrary JavaScript execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.
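The following is an added illustration of the defect class the advisory describes, not RabbitMQ's own management UI code. The notification markup, the function names and the "data directory missing" reason are assumptions made for the example; the crafted virtual host name is a constructed sample. It shows the unescaped interpolation that lets a stored name become script in the operator's browser, the escaped rendering that the fix amounts to, and a small defender-side check that flags virtual host names containing HTML metacharacters so an operator can spot a tampered definition before it ever reaches a notification.

```javascript
// Added illustration, not RabbitMQ's own code: how an unescaped virtual host
// name in a "vhost failed to start" notification becomes stored XSS, and how
// HTML escaping at the rendering boundary removes the problem.

// The five characters that must never reach an HTML text context unencoded.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every metacharacter; everything else passes through unchanged.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (hypothetical markup, modelled on the pre-4.0.3
// behaviour the advisory describes): the stored name goes straight into HTML.
function renderVhostErrorUnsafe(vhostName, reason) {
  return `<div class="notification error">Virtual host <b>${vhostName}</b> failed to start: ${reason}</div>`;
}

// Fixed pattern: every untrusted value is escaped before it enters markup.
// The browser then shows the literal characters instead of parsing them.
function renderVhostErrorSafe(vhostName, reason) {
  return `<div class="notification error">Virtual host <b>${escapeHtml(vhostName)}</b> failed to start: ${escapeHtml(reason)}</div>`;
}

// Defender-side check: legitimate vhost names are usually path-like
// ("/", "/prod", "tenant-a"), so any angle bracket, quote or ampersand in a
// name read back from the node is worth an operator's attention.
function findSuspiciousVhostNames(vhostNames) {
  return vhostNames.filter((name) => /[<>"'&]/.test(name));
}

// Constructed sample data: three ordinary names and one crafted name of the
// kind the advisory warns about.
const CRAFTED_VHOST = '<script>alert(1)</script>';
const SAMPLE_VHOSTS = ['/', '/prod', 'tenant-a', CRAFTED_VHOST];

// Render the same notification both ways and run the name check.
function demo() {
  const reason = 'data directory missing'; // assumed failure reason
  const unsafe = renderVhostErrorUnsafe(CRAFTED_VHOST, reason);
  const safe = renderVhostErrorSafe(CRAFTED_VHOST, reason);
  return {
    unsafeContainsScriptTag: unsafe.includes('<script>'), // true: browser would execute it
    safeContainsScriptTag: safe.includes('<script>'),     // false: rendered as text
    safeMarkup: safe,
    suspicious: findSuspiciousVhostNames(SAMPLE_VHOSTS),  // [CRAFTED_VHOST]
  };
}

console.log(demo());
```

The escaping function is deliberately applied at the point where a value enters markup, not when the name is stored: the advisory's attack path writes the name to disk outside the UI, so any sanitisation done on the input side would be bypassed. The name check is the kind of thing to run over the node's virtual host list after an unexplained start failure.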

Credit: security-advisories@github.com

Affected Software    Affected Version    How to fix
RabbitMQ             <4.0.3              Upgrade to 4.0.3 or later
Tanzu RabbitMQ       <4.0.3, <3.13.8     Upgrade to 4.0.3 or 3.13.8


Frequently Asked Questions

  • What is the severity of CVE-2025-30219?

    CVE-2025-30219 has a high severity level due to its potential for arbitrary JavaScript code execution.

  • How do I fix CVE-2025-30219?

    To resolve CVE-2025-30219, upgrade your RabbitMQ or Tanzu RabbitMQ installation to version 4.0.3 or higher.

  • What types of software are affected by CVE-2025-30219?

    CVE-2025-30219 affects RabbitMQ versions prior to 4.0.3 and Tanzu RabbitMQ versions prior to 3.13.8 and 4.0.3.

  • What attacks are possible due to CVE-2025-30219?

    CVE-2025-30219 allows an attacker who can modify virtual host names on disk and make a virtual host fail to start to potentially execute arbitrary JavaScript code in the browsers of management UI users.

  • Is CVE-2025-30219 a local or remote vulnerability?

    CVE-2025-30219 is considered a remote vulnerability as it can be exploited over the network.
