Cross-Site Scripting Vulnerability in Sirv CDN and Image Hosting
CVE-2025-46233

5.4 MEDIUM

Key Information:

Status
Vendor
CVE Published: 22 April 2025

What is CVE-2025-46233?

A serious stored Cross-Site Scripting (XSS) vulnerability exists in Sirv CDN and Image Hosting: malicious scripts can be stored and later executed in users' browsers. The vulnerability affects versions up to and including 7.5.3 and, if not addressed, poses potential risks to security and user data integrity. Users of Sirv should apply the necessary updates and follow best practices to mitigate exploitation of this vulnerability.

Affected Version(s)

Sirv <= 7.5.3

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)