Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-66469

CVE-2025-66469: Zauberzeug NiceGUI XSS Vulnerability

CVE-2025-66469 is a reflected XSS vulnerability in Zauberzeug NiceGUI affecting versions 3.3.1 and below. Attackers can inject malicious JavaScript through CSS functions. This article covers technical details, impact, and patches.

Published:

CVE-2025-66469 Overview

CVE-2025-66469 is a Reflected Cross-Site Scripting (XSS) vulnerability [CWE-79] in NiceGUI, a Python-based user interface framework maintained by Zauberzeug. Versions 3.3.1 and below fail to sanitize content passed to the ui.add_css, ui.add_scss, and ui.add_sass functions before injecting it into the generated HTML page. An attacker can supply crafted input containing closing </style> or </script> tags to escape the intended context and execute arbitrary JavaScript in a victim's browser. The issue is resolved in NiceGUI version 3.4.0.

Critical Impact

Successful exploitation enables execution of attacker-controlled JavaScript in the context of a NiceGUI application, allowing session hijacking, credential theft, and UI manipulation against authenticated users.

Affected Products

  • Zauberzeug NiceGUI versions 3.3.1 and below
  • The ui.add_css function in nicegui/functions/style.py
  • The ui.add_scss and ui.add_sass functions (deprecated) in the same module

Discovery Timeline

  • 2025-12-09 - CVE-2025-66469 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-66469

Vulnerability Analysis

The vulnerability originates in NiceGUI's helper functions that inject stylesheet content into the rendered HTML head. The functions ui.add_css, ui.add_scss, and ui.add_sass accept either a raw string or a file path. When a string is provided, the content is embedded directly inside a <style> element without HTML encoding or JavaScript-context escaping. Because the surrounding tag structure is fixed but the payload is not sanitized, an attacker who controls any portion of the input can inject a closing </style> sequence followed by a <script> block. The injected script then executes when the page renders in the victim's browser. The vulnerability requires user interaction, meaning a victim must load a page that reflects attacker-supplied content.

Root Cause

The root cause is missing output encoding for the JavaScript and HTML context generated by the styling helper functions. The pre-patch implementation performed direct string interpolation into an HTML template using an f-string, trusting the caller to provide safe content. Any input path that allows attacker influence over the CSS payload propagates unchanged into the DOM.

Attack Vector

Exploitation occurs over the network and requires user interaction. An attacker crafts a URL or form input that reaches a NiceGUI endpoint invoking ui.add_css with reflected content. When the victim visits the malicious link, the server renders a page containing the injected </style><script>...</script> payload, and the browser executes the attacker-controlled JavaScript.

python
# Vulnerable code (pre-patch) vs. fix in nicegui/functions/style.py
     """
     if helpers.is_file(content):
         content = Path(content).read_text(encoding='utf-8')
-    add_head_html(f'<style>{content}</style>', shared=shared)
+    safe_content = json.dumps(content).replace('<', r'\\u003c')
+    add_head_html(f'<script>addStyle({safe_content});</script>', shared=shared)
 
 
 def add_scss(content: Union[str, Path], *, indented: bool = False, shared: bool = False) -> None:  # DEPRECATED

Source: GitHub Commit a8fd25b

The patch encodes content through json.dumps and replaces < characters with the Unicode escape \\u003c, then passes the string to a client-side addStyle helper that creates a <style> element via textContent, preventing HTML parsing of the payload.

Detection Methods for CVE-2025-66469

Indicators of Compromise

  • HTTP requests to NiceGUI endpoints containing URL-encoded </style>, </script>, or <script> sequences in query parameters or form fields
  • Server-rendered responses in which a <style> block contains stray closing tags followed by executable script content
  • Anomalous outbound requests from browser clients to attacker-controlled domains immediately after loading a NiceGUI page
  • Client-side console errors indicating unexpected script execution or CSP violations on pages invoking ui.add_css

Detection Strategies

  • Inventory NiceGUI deployments and enumerate application routes that call ui.add_css, ui.add_scss, or ui.add_sass with user-controllable input
  • Deploy Content Security Policy (CSP) reporting to capture inline script violations that would be triggered by reflected payloads
  • Instrument web application firewalls (WAF) with rules matching XSS canaries such as </style><script> and common event-handler attributes in requests targeting NiceGUI paths

Monitoring Recommendations

  • Log full request bodies and query strings for NiceGUI endpoints to enable retrospective XSS payload hunting
  • Alert on repeated CSP script-src violations originating from a single client session
  • Correlate authentication events with anomalous JavaScript-initiated requests to detect session hijacking following successful XSS

How to Mitigate CVE-2025-66469

Immediate Actions Required

  • Upgrade NiceGUI to version 3.4.0 or later on all application servers
  • Audit application code for calls to ui.add_css, ui.add_scss, and ui.add_sass that accept user-controlled input and eliminate untrusted data flows
  • Rotate any session tokens or credentials that may have been exposed to end users who accessed vulnerable endpoints

Patch Information

The fix is available in NiceGUI 3.4.0 via commit a8fd25b7d5e23afb1952d0f60a1940e18b5f1ca8. The patch escapes content with json.dumps, replaces < with \\u003c, and injects styles through a client-side addStyle helper that uses document.createElement("style") with textContent assignment. Details are published in GitHub Security Advisory GHSA-72qc-wxch-74mg.

Workarounds

  • Restrict callers of ui.add_css, ui.add_scss, and ui.add_sass to trusted, developer-controlled string literals until the upgrade is applied
  • Pre-sanitize any dynamic CSS content by stripping <, >, and backslash characters before passing it to the vulnerable functions
  • Enforce a strict Content Security Policy that disallows inline scripts to reduce impact if reflected payloads reach the browser
bash
# Upgrade NiceGUI to the patched release
pip install --upgrade "nicegui>=3.4.0"

# Verify the installed version
python -c "import nicegui; print(nicegui.__version__)"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.