CVE-2025-25063

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Feb 3, 2025
CWE ID 79

Summary

CVE-2025-25063 is an XSS vulnerability affecting Backdrop CMS versions 1.28.x before 1.28.5 and 1.29.x before 1.29.3. The issue lies in insufficient validation of uploaded SVG images, which allows the injection of potentially dangerous SVG tags. A malicious SVG image can contain clickable links and scripting that are executed in the browser when the image is viewed. However, the attacker needs to be able to upload the SVG image, and the scripting is prevented when the image is embedded within <img> tags. The vulnerability is therefore mitigated but not entirely eliminated, since an SVG image can still be viewed directly by its URL, which enables script execution.
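As an added defensive check (example code, not from Backdrop CMS or the advisory), the following Python validator rejects an uploaded SVG that carries the constructs the summary describes: script-capable elements, on* event-handler attributes, and href values using a script-executing scheme. It assumes the standard library's xml.etree, which offers no protection against XML entity attacks; a hardened parser such as defusedxml is assumed for a production upload path.

```python
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"

# Element types that can execute script or pull in foreign content.
SCRIPT_CAPABLE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL schemes that run code or smuggle content when a link is clicked or a reference loaded.
DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")


def _local_name(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts in front of tag and attribute names."""
    return tag.rsplit("}", 1)[-1]


def find_svg_issues(svg_bytes: bytes) -> list[str]:
    """Return the reasons an uploaded SVG should be rejected (empty list means clean)."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != SVG_NS + "svg":
        return [f"root element is not <svg>: {root.tag}"]
    issues = []
    for elem in root.iter():
        name = _local_name(elem.tag)
        if name in SCRIPT_CAPABLE_TAGS:
            issues.append(f"disallowed element <{name}>")
        for attr, value in elem.attrib.items():
            attr_name = _local_name(attr)
            # onload=, onclick=, ... run when the SVG is opened directly by its URL.
            if attr_name.lower().startswith("on"):
                issues.append(f"event handler attribute {attr_name} on <{name}>")
            # href / xlink:href on <a>, <use>, <image> can point at a script URL.
            if attr_name == "href" and value.strip().lower().startswith(DANGEROUS_SCHEMES):
                issues.append(f"{attr_name} with dangerous scheme on <{name}>")
    return issues


def is_safe_svg(svg_bytes: bytes) -> bool:
    return not find_svg_issues(svg_bytes)


# Constructed samples: a plain drawing, and one carrying script, an event handler and a script URL.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
UNSAFE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
              b'<script>x()</script><a xlink:href="javascript:void(0)"><text>click</text></a></svg>')

if __name__ == "__main__":
    print(find_svg_issues(CLEAN_SVG))   # []
    print(find_svg_issues(UNSAFE_SVG))  # three findings: onload, <script>, href scheme
```

Even with this check in place, serving uploads from a separate origin or with a restrictive Content-Security-Policy header limits what a file viewed directly by its URL can do.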
