Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2025-67202

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL being rended from cron.erb.

VectorNETWORK

PublishedMay 07, 2026, 15:16

Published Bycve@mitre.org

Base Score

Score6.1

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

sidekiq-cron(RubyGems)02.4.0N/A

References

https://github.com/sidekiq-cron/sidekiq-cron/issues/569
https://github.com/sidekiq-cron/sidekiq-cron/releases/tag/v2.4.0

Weakness Type

CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base SeverityMedium

Version

3.1

Attack Vector (AV)

NETWORK