CVE-2025-27109

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Feb 21, 2025

Updated: Feb 24, 2025

CWE ID 116

CWE ID 79

Summary

CVE-2025-27109 is a vulnerability affecting the solid-js library, used for building user interfaces with JavaScript. In affected versions, improper escaping of Inserts/JSX expressions inside illegal inlined JSX fragments allows user input to be rendered as HTML. This issue can lead to Cross-Site Scripting (XSS) attacks. Upgrading to version 1.9.4 is recommended to address this vulnerability, as there are currently no known workarounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

solidjs solid

Affected Vendors

Solidjs

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3fmh5t
https://www.cve.org/CVERecord?id=CVE-2025-27109
https://nvd.nist.gov/vuln/detail/CVE-2025-27109

Back to Vulnerability Database