CVE-2025-0716

{"id": "CVE-2025-0716", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2025-04-29T17:15:39.790", "references": [{"url": "https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c"}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c"}, {"url": "https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "description": [{"lang": "en", "value": "CWE-791"}]}], "descriptions": [{"lang": "en", "value": "Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing \u00a0and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status ."}, {"lang": "es", "value": "La limpieza incorrecta del valor de los atributos 'href' y 'xlink:href' en los elementos SVG '' de AngularJS permite a los atacantes eludir las restricciones comunes de las fuentes de im\u00e1genes. Esto puede provocar suplantaci\u00f3n de contenido (https://owasp.org/www-community/attacks/Content_Spoofing) y afectar negativamente el rendimiento y el comportamiento de la aplicaci\u00f3n al usar im\u00e1genes demasiado grandes o de carga lenta. Este problema afecta a todas las versiones de AngularJS. Nota: El proyecto AngularJS ha finalizado su ciclo de vida y no recibir\u00e1 actualizaciones para solucionar este problema. Para m\u00e1s informaci\u00f3n, consulte aqu\u00ed: https://docs.angularjs.org/misc/version-support-status."}], "lastModified": "2025-05-02T13:53:40.163", "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c"}