Key Information

CVE-ID: CVE-2025-5573
Bug Author: markaug
Product: new-api
GitHub Link: https://github.com/CalciumIon/new-api

Description

Vulnerability Type: XSS
Vulnerability Severity: High
Affected Version: Playground.

2. Send a message containing XSS code to the AI. The server returns an error response without handling it.
3. Enable "Show Debug" on the page to trigger the XSS code.
4. Export the conversation by clicking the export button.
5. Log in using another admin account and navigate to Console -> Playground.
6. Import the previously exported file containing XSS code.
7. The admin user is successfully compromised by the XSS attack.

Impact

If any user in the system (including administrators) imports a conversation file containing XSS code, they will be affected by this vulnerability.
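
A defensive sketch of the import and "Show Debug" steps above, added here as an example and not taken from new-api's code: the imported file is validated against an allowlisted shape, and every value is HTML-escaped when the debug view is built. The field names (`messages`, `role`, `content`, `debug`) and the function names are assumptions, since the page does not show the export format.

```javascript
// Added example, not new-api code. Field names are assumed, not the real export schema.
const ALLOWED_ROLES = new Set(["system", "user", "assistant"]);
const MAX_FIELD_LEN = 100000;

// Encode HTML-significant characters so a value renders as inert text.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse an imported file; return only validated, known fields.
function parseImportedConversation(fileText) {
  let data;
  try {
    data = JSON.parse(fileText);
  } catch (err) {
    throw new Error("import rejected: not valid JSON");
  }
  if (data === null || typeof data !== "object" || !Array.isArray(data.messages)) {
    throw new Error("import rejected: missing messages array");
  }
  return data.messages.map((msg, i) => {
    if (msg === null || typeof msg !== "object" || !ALLOWED_ROLES.has(msg.role)) {
      throw new Error(`import rejected: message ${i} is malformed or has an invalid role`);
    }
    const debug = msg.debug === undefined ? "" : msg.debug;
    for (const field of [msg.content, debug]) {
      if (typeof field !== "string" || field.length > MAX_FIELD_LEN) {
        throw new Error(`import rejected: message ${i} has an invalid field`);
      }
    }
    return { role: msg.role, content: msg.content, debug }; // unknown keys dropped
  });
}

// Build the debug view; every imported value is escaped at output time.
function renderDebugPanel(messages) {
  return messages
    .map((m) => `<pre data-role="${escapeHtml(m.role)}">${escapeHtml(m.debug || m.content)}</pre>`)
    .join("\n");
}

// Constructed sample: an exported file whose stored error text contains markup.
const SAMPLE_EXPORT = JSON.stringify({
  messages: [
    { role: "user", content: "hello" },
    { role: "assistant", content: "", debug: '{"error":"<script>/* constructed */</script>"}' },
  ],
});
```

Escaping at output is the control that matters here; the shape validation only narrows what reaches the renderer. In a DOM-based view, assigning the value through `textContent` gives the same result as `escapeHtml`.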