CVE-2025-13415

Summary

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.

Affected Software

VendorProductVersion RangeStatus
icretEasyImages2.8.0affected
icretEasyImages2.8.1affected
icretEasyImages2.8.2affected
icretEasyImages2.8.3affected
icretEasyImages2.8.4affected
icretEasyImages2.8.5affected
icretEasyImages2.8.6affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References