Reflected XSS Vulnerability in Visionatrix AI Media Processing Tool
CVE-2025-49126

8.8 HIGH

Key Information:

Vendor
CVE Published:
23 June 2025

What is CVE-2025-49126?

A vulnerability exists in the Visionatrix AI Media Processing Tool, versions 1.5.0 up to but not including 2.5.1, at the /docs/flows endpoint. The flaw allows Reflected XSS attacks, enabling attackers to take over user sessions and exfiltrate sensitive data. The issue arises from the use of FastAPI's get_swagger_ui_html function without properly encoding or sanitizing the inputs it interpolates into the generated HTML. As a result, a user can be compromised by a single click on a crafted link. This vulnerability has been addressed in version 2.5.1.
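The root cause described above, as an added example that is not Visionatrix's or FastAPI's own code: a simplified page builder that mirrors the f-string interpolation shape of FastAPI's get_swagger_ui_html, shown in the vulnerable form beside a hardened one. The parameter names openapi_url and title are real get_swagger_ui_html parameters, but the page does not say which input Visionatrix reflected, so treating the title as the user-controlled value is an assumption; the injected fragment is a constructed, harmless marker tag.

```python
import html
from urllib.parse import urlsplit

# Constructed sample value for demonstration: a harmless marker tag that
# closes the <title> element, not a working exploit.
INJECTED = "</title><i>injected</i>"


def unsafe_docs_html(openapi_url: str, title: str) -> str:
    """Vulnerable pattern (assumed to resemble the flaw): values that may come
    from the request are interpolated straight into the Swagger UI page."""
    return (
        "<!DOCTYPE html><html><head>"
        f"<title>{title}</title></head><body>"
        '<div id="swagger-ui"></div><script>'
        f"const ui = SwaggerUIBundle({{ url: '{openapi_url}', dom_id: '#swagger-ui' }});"
        "</script></body></html>"
    )


def validate_openapi_url(openapi_url: str) -> str:
    """Allow-list the spec URL: same-origin absolute path only, with none of
    the characters that could break out of the JS string literal or the
    <script> element. Raises ValueError on anything else."""
    parts = urlsplit(openapi_url)
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        raise ValueError("openapi_url must be a same-origin absolute path")
    if any(c in openapi_url for c in "'\"<>\\"):
        raise ValueError("openapi_url contains characters not allowed in the page")
    return openapi_url


def safe_docs_html(openapi_url: str, title: str) -> str:
    """Hardened form: the URL is validated and the title is HTML-escaped
    before either is placed in the template, so reflected input cannot
    introduce new markup."""
    url = validate_openapi_url(openapi_url)
    return (
        "<!DOCTYPE html><html><head>"
        f"<title>{html.escape(title)}</title></head><body>"
        '<div id="swagger-ui"></div><script>'
        f"const ui = SwaggerUIBundle({{ url: '{url}', dom_id: '#swagger-ui' }});"
        "</script></body></html>"
    )


def reflects_raw_markup(page: str, fragment: str) -> bool:
    """Simple check a reviewer can run over generated pages: does the input
    fragment appear verbatim (unescaped) in the output?"""
    return fragment in page


if __name__ == "__main__":
    vulnerable = unsafe_docs_html("/openapi.json", INJECTED)
    hardened = safe_docs_html("/openapi.json", INJECTED)
    print("unsafe reflects markup:", reflects_raw_markup(vulnerable, "<i>injected</i>"))
    print("safe reflects markup:  ", reflects_raw_markup(hardened, "<i>injected</i>"))
```

The two defences are context-specific: html.escape is the right encoder for text placed in an HTML element such as the title, while a value placed inside a JavaScript string literal needs validation against an allow-list rather than HTML escaping, since the HTML encoder does nothing about quote characters that terminate the literal.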

Affected Version(s)

Visionatrix >= 1.5.0, < 2.5.1

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
