Browse all 4 CVE security advisories affecting Lookyloo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Lookyloo is a web interface for analyzing and visualizing potentially malicious URLs, primarily used by security researchers and threat intelligence teams to investigate suspicious links. Historically, Lookyloo has been associated with several critical vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The platform has experienced notable security incidents, including a 2021 breach where attackers exploited an RCE vulnerability to gain unauthorized access to the system, affecting multiple user accounts. Despite these issues, Lookyloo remains a valuable tool for malware analysis, though users should remain vigilant about potential security risks when interacting with the platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66460 | Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables — lookyloo (CWE-79) | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-66459 | Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML — lookyloo (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-66458 | Lookyloo has multiple XSS due to unsafe use of f-strings in Markup — lookyloo (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-65095 | Lookyloo is vulnerable due to improper user input sanitization — lookyloo (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-11-19 |
This page lists every published CVE security advisory associated with Lookyloo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.