EUVD-2025-14948

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Sulu vulnerable to XML External Entity in SVG file upload inspector security issue

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-47778	14 May 202518:31	–	circl
CNNVD	Sulu 代码问题漏洞	14 May 202500:00	–	cnnvd
CVE	CVE-2025-47778	14 May 202515:29	–	cve
Cvelist	CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector	14 May 202515:29	–	cvelist
Github Security Blog	Sulu vulnerable to XXE in SVG File upload Inspector	15 May 202516:08	–	github
NVD	CVE-2025-47778	14 May 202516:15	–	nvd
OSV	CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector	14 May 202515:29	–	osv
OSV	GHSA-F6RX-HF55-4255 Sulu vulnerable to XXE in SVG File upload Inspector	15 May 202516:08	–	osv
Positive Technologies	PT-2025-21177 · Sulu · Sulu	14 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-47778	16 May 202516:09	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "9eb3d8c5-d541-3bfa-a356-0f308bdf12f7",
        "vendor": {
          "name": "sulu"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5b1165ee-4775-3658-8fec-4dcd78363c8e",
        "product": {
          "name": "sulu"
        },
        "product_version": "2.5.21, < 2.5.25"
      },
      {
        "id": "6b526562-534a-3744-a2f7-ad4d2de3b5e7",
        "product": {
          "name": "sulu"
        },
        "product_version": "2.6.5, < 2.6.9"
      },
      {
        "id": "976563c8-1a2e-3c97-843e-36e5eae09e95",
        "product": {
          "name": "sulu"
        },
        "product_version": "3.0.0-alpha1, < 3.0.0-alpha3"
      }
    ]
  }
]

Source	Link
github	www.github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255
github	www.github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544
github	www.github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-47778

03 Oct 2025 20:07Current

6.3Medium risk

Vulners AI Score6.3

CVSS 48.6

EPSS0.00243

SSVC