CVE-2025-31575

Summary

CVE-2025-31575 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Vasilis Triantafyllou's Flag Icons. The weakness lies in the improper neutralization of script-related HTML tags in the web page. An attacker can exploit this flaw to inject malicious scripts into the vulnerable webpage, which can be later executed when other users view the page. This vulnerability, present in Flag Icons versions from n/a to 2.2, poses a significant risk as it can lead to unauthorized access, data theft, or other malicious activities. It is crucial that users upgrade to a patched version of Flag Icons as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.