CVE-2025-21616

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 6, 2025
Updated: Jan 7, 2025
CWE ID 79

Summary

CVE-2025-21616 is a cross-site scripting (XSS) vulnerability in Plane, an open-source project management tool. In Plane versions below 0.23, an authenticated user can upload a malicious SVG file as a profile image. When a victim views such an image, the JavaScript embedded in it executes in the victim's browser, which can lead to data theft or unauthorized actions performed as that user. Plane users should update to the latest version as soon as possible to mitigate this risk.
