CVE-2025-14896

Summary

due to insufficient sanitazation in Vega’s convert() function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitive information.

Affected Software

VendorProductVersion RangeStatus
yuzutechkroki0 < *affected

Weaknesses

  • CWE-552: Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References