What is the CVSS score of EUVD-2025-33220?

EUVD-2025-33220 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Ts3 Manager are affected by EUVD-2025-33220?

Organizations using TS3 Manager should be aware of moderate risk from CVE-2025-61583, a input validation vulnerability rated CVSS 4.3.. A patch is available.

Is there a public PoC exploit available for EUVD-2025-33220?

Yes, a public proof-of-concept exploit is available for EUVD-2025-33220. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-33220?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Ts3 Manager EUVD-2025-33220

| CVE-2025-61583 MEDIUM

Improper Input Validation (CWE-20)

2025-10-01 security-advisories@github.com

XSS Ts3 Manager

4.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

4.3 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 18:18 euvd

EUVD-2025-33220

Analysis Generated

Mar 13, 2026 - 18:18 vuln.today

PoC Detected

Oct 20, 2025 - 18:07 vuln.today

Public exploit code

Patch released

Oct 20, 2025 - 18:07 nvd

Patch available

CVE Published

Oct 01, 2025 - 23:15 nvd

MEDIUM 4.3

DescriptionGitHub Advisory

TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.

Analysis

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding. This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

A vendor patch is available — apply it immediately. Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

EUVD-2025-33220 vulnerability details – vuln.today

Back

Ts3 Manager EUVD-2025-33220

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code