CVE-2025-25063

{"id": "CVE-2025-25063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.3}]}, "published": "2025-02-03T04:15:09.760", "references": [{"url": "https://backdropcms.org/security/backdrop-sa-core-2025-002", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de XSS en Background CMS 1.28.x anterior a 1.28.5 y 1.29.x anterior a 1.29.3. No valida lo suficiente las im\u00e1genes SVG cargadas para garantizar que no contengan etiquetas SVG potencialmente peligrosas. Las im\u00e1genes SVG pueden contener enlaces en los que se puede hacer clic y secuencias de comandos ejecutables, y al usar un SVG manipulado, es posible ejecutar secuencias de comandos en el navegador cuando se visualiza una imagen SVG. Este problema se mitiga porque el atacante necesita poder cargar im\u00e1genes SVG y porque Background incrusta todas las im\u00e1genes SVG cargadas dentro de las etiquetas <img>, lo que evita que se ejecuten secuencias de comandos. El SVG debe visualizarse directamente por su URL para poder ejecutar cualquier secuencia de comandos incrustada."}], "lastModified": "2026-01-23T18:54:39.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39EE496A-3364-4130-9E8F-D775C0F5E905", "versionEndExcluding": "1.28.5", "versionStartIncluding": "1.28.0"}, {"criteria": "cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB62109D-7E44-4BDF-8508-FA491815FB75", "versionEndExcluding": "1.29.3", "versionStartIncluding": "1.29.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}