Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-69517

CVE-2025-69517: Tactical RMM XSS Vulnerability

CVE-2025-69517 is an HTML injection vulnerability in Tactical RMM that allows authenticated users to inject malicious HTML via the agent_id parameter. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-69517 Overview

CVE-2025-69517 is an HTML injection vulnerability affecting Amidaware Inc Tactical RMM, an open-source remote monitoring and management platform. The vulnerability exists in the agent creation functionality, specifically within the POST /api/v3/newagent/ endpoint. Authenticated users can inject arbitrary HTML content through the agent_id parameter, which accepts up to 255 characters and is improperly sanitized. The injected HTML is rendered in the Tactical RMM management panel when an administrator attempts to remove or shut down the affected agent, potentially leading to client-side attacks such as UI manipulation or phishing.

Critical Impact

Authenticated attackers can inject malicious HTML content that renders in the administrator's management panel, enabling UI manipulation and phishing attacks against system administrators.

Affected Products

  • Amidaware Inc Tactical RMM v1.3.1 and earlier versions

Discovery Timeline

  • 2026-01-28 - CVE CVE-2025-69517 published to NVD
  • 2026-01-30 - Last updated in NVD database

Technical Details for CVE-2025-69517

Vulnerability Analysis

This HTML injection vulnerability (CWE-94: Improper Control of Generation of Code) stems from inadequate input sanitization in the Tactical RMM web application. The vulnerability affects the agent registration workflow where user-supplied input in the agent_id parameter is not properly filtered before being stored and later rendered in the administrative interface.

The application attempts to sanitize input using DOMPurify.sanitize() with the html: true option enabled. However, this configuration fails to adequately filter HTML input, allowing malicious HTML content to bypass sanitization and be rendered when administrators interact with the affected agent entries. When an administrator views, removes, or shuts down the compromised agent, the injected HTML executes in their browser context.

Note: The vendor disputes this vulnerability, stating that the report contains incorrect information. Users should consult the AmidAware Official Website and the GitHub TacticalRMM Repository for the latest security guidance.

Root Cause

The root cause of this vulnerability is the misconfiguration of the DOMPurify sanitization library. By enabling the html: true option, the sanitizer allows HTML content to pass through rather than stripping or encoding it. The agent_id parameter, which accepts up to 255 characters, provides sufficient space for meaningful HTML payloads to be injected. The lack of proper output encoding when displaying agent information in the management panel compounds this issue, allowing the stored HTML to be interpreted by the browser.

Attack Vector

The attack vector is network-based and requires authentication to the Tactical RMM platform. An attacker with valid credentials can exploit this vulnerability by:

  1. Authenticating to the Tactical RMM platform
  2. Creating a new agent via the POST /api/v3/newagent/ endpoint
  3. Injecting malicious HTML content in the agent_id parameter
  4. Waiting for an administrator to interact with the compromised agent entry

The injected HTML renders when an administrator views the agent list or attempts administrative actions such as agent removal or shutdown. This creates an opportunity for phishing attacks, UI manipulation, or other client-side attacks targeting privileged users.

For technical details and proof-of-concept information, refer to the GitHub Gist PoC published by the security researcher.

Detection Methods for CVE-2025-69517

Indicators of Compromise

  • Unusual HTML tags or encoded HTML entities within agent_id values in the Tactical RMM database
  • Agent entries containing suspicious characters such as <, >, script, iframe, or onclick in their identifiers
  • API logs showing abnormally long or malformed payloads to the /api/v3/newagent/ endpoint
  • Administrator reports of unexpected UI elements, pop-ups, or phishing prompts when managing agents

Detection Strategies

  • Monitor and alert on HTTP POST requests to /api/v3/newagent/ containing HTML special characters or tags in the request body
  • Implement Web Application Firewall (WAF) rules to detect and block HTML injection patterns in API parameters
  • Review Tactical RMM application logs for agent creation events with unusual agent_id values exceeding typical naming conventions
  • Deploy browser-based Content Security Policy (CSP) monitoring to detect inline script execution attempts

Monitoring Recommendations

  • Enable detailed logging for all agent creation and modification API endpoints in Tactical RMM
  • Configure SIEM rules to correlate multiple suspicious agent creation attempts from the same authenticated user
  • Implement database integrity monitoring to detect HTML content in fields that should contain plain text identifiers
  • Review authentication logs for accounts being used to create agents with suspicious naming patterns

How to Mitigate CVE-2025-69517

Immediate Actions Required

  • Review all existing agent entries in the Tactical RMM database for suspicious HTML content in the agent_id field
  • Implement additional input validation on the /api/v3/newagent/ endpoint at the network perimeter using a WAF
  • Restrict agent creation privileges to trusted administrators only until a patch is available
  • Monitor the GitHub TacticalRMM Repository for security updates and patches

Patch Information

As of the last NVD update on 2026-01-30, no official patch information has been published by the vendor. The vendor has disputed the vulnerability report, stating that it contains incorrect information. Users should monitor the official AmidAware website and the Tactical RMM GitHub repository for updates regarding this issue.

Organizations are advised to contact Amidaware Inc directly for clarification on the vendor's position and any available mitigations.

Workarounds

  • Implement strict input validation at the API gateway level to reject requests containing HTML tags in the agent_id parameter
  • Deploy a reverse proxy with custom rules to sanitize or block HTML content in agent creation requests
  • Apply the principle of least privilege by limiting which user accounts can create new agents
  • Configure Content Security Policy (CSP) headers to mitigate the impact of any successfully injected HTML content
bash
# Example nginx configuration to block HTML in agent_id parameter
# Add to location block handling /api/v3/newagent/
location /api/v3/newagent/ {
    # Block requests containing HTML tags in body
    if ($request_body ~* "<[^>]+>") {
        return 403;
    }
    proxy_pass http://tactical_backend;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.