4 matches found
CVE-2025-47778
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...
CVE-2025-47778
creationtimestamp| type| source ---|---|--- 2025-05-14 18:31:54+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16358...
CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...
CVE-2025-47778
CVE-2025-47778 affects Sulu (2.5.21, 2.6.5, 3.0.0-alpha1). An admin user can upload SVGs that are parsed with XML DOM, enabling XML External Entity (XXE) references. Root cause: SVG processing loads external data via the XML DOM library. Impacts include potential data exposure and integrity conce...