CVE-2025-32391

EPSS 0.26%
Veröffentlicht 10.04.2025 13:11:48
Zuletzt bearbeitet 17.09.2025 18:24:46
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

HedgeDoc allows XSS possibility through malicious SVG uploads

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub Gist embeddings. Only instances with the local filesystem upload backend or special configurations, where the uploads are served from the same domain as HedgeDoc, are vulnerable. This vulnerability is fixed in 1.10.3. When upgrading to HedgeDoc 1.10.3 is not possible, instance owners could add the following headers for all routes under /uploads as a first-countermeasure: Content-Disposition: attachment and Content-Security-Policy: default-src 'none'. Additionally, the external URLs in the script-src attribute of the Content-Security-Policy header should be removed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hedgedoc ≫ Hedgedoc Version < 1.10.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.174

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
security-advisories@github.com	6.4	1.2	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-3983-rrqh-mvx5

Vendor Advisory

Mitigation

https://github.com/hedgedoc/hedgedoc/commit/0636b5c20b7097afccfa6641830352ad068ef964

Patch

https://github.com/hedgedoc/hedgedoc/commit/3f520ea59abf912c66d7443cb99f29a567c47748

Patch

https://github.com/hedgedoc/hedgedoc/commit/d2585fbd3b398b3359f6f88aa1fda8f4ecf2f78d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-32391

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32391

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32391

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32391