CVE-2025-47778

Sažetak

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.

Reference

https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php
https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544
https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

16-05-2025 - 14:43

Objavljeno

14-05-2025 - 16:15