Reflected XSS Vulnerability in Visionatrix AI Media Processing Tool
CVE-2025-49126
What is CVE-2025-49126?
A vulnerability exists in the Visionatrix AI Media Processing Tool, versions 1.5.0 up to but not including 2.5.1, at the /docs/flows endpoint. The flaw allows Reflected XSS attacks, enabling attackers to gain control over user sessions and exfiltrate sensitive data. The issue arises from the use of FastAPI's get_swagger_ui_html function, which does not encode or sanitize its inputs when generating HTML. As a result, a user can be compromised through a simple one-click attack. The vulnerability is fixed in version 2.5.1.
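
The failure mode described above, and the check that closes it, as an added example (not Visionatrix or FastAPI code). render_docs is a simplified stand-in for a docs-page template; the flow-name rule, the handler name docs_for_flow and the spec URL are assumptions made for illustration.

```python
import html
import json
import re

# Assumed naming rule for a flow identifier; not taken from Visionatrix.
FLOW_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def js_string(value: str) -> str:
    """Encode value as a JS string literal that is safe inside <script>."""
    # json.dumps handles quotes and backslashes; the replacements stop
    # sequences such as "</script>" from ending the script element.
    literal = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(ch, esc)
    return literal


def render_docs(title: str, openapi_url: str, encode: bool) -> str:
    """Simplified stand-in for a docs-page template (not FastAPI's code).

    encode=False reproduces the unencoded interpolation the advisory
    describes; encode=True applies encoding for each output context.
    """
    if encode:
        title = html.escape(title, quote=True)   # HTML text context
        url_literal = js_string(openapi_url)     # JS string context
    else:
        url_literal = "'" + openapi_url + "'"
    return (
        "<html><head><title>" + title + "</title></head><body>"
        "<div id='swagger-ui'></div>"
        "<script>SwaggerUIBundle({url: " + url_literal + "});</script>"
        "</body></html>"
    )


def docs_for_flow(flow_name: str) -> str:
    """Hypothetical handler body: validate first, then render encoded."""
    if not FLOW_NAME_RE.fullmatch(flow_name):
        raise ValueError("invalid flow name")
    # The spec URL below is a placeholder path, not the project's route.
    return render_docs("Flows: " + flow_name,
                       "/openapi-flows.json?flow=" + flow_name, encode=True)


if __name__ == "__main__":
    probe = "</title><i id=probe>'x"   # constructed, inert markup probe
    print("<i id=probe>" in render_docs(probe, probe, encode=False))  # True
    print("<i id=probe>" in render_docs(probe, probe, encode=True))   # False
```

Allowlist validation is the primary control here; the per-context encoding is the backstop for any value that still reaches the template.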

Affected Version(s)
Visionatrix >= 1.5.0, < 2.5.1
