Skip to main content

Python CVE-2025-49126

| EUVDEUVD-2025-18919 HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-06-23 security-advisories@github.com
8.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:36 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2.5.1
EUVD ID Assigned
Mar 15, 2026 - 22:10 euvd
EUVD-2025-18919
Analysis Generated
Mar 15, 2026 - 22:10 vuln.today
CVE Published
Jun 23, 2025 - 18:15 nvd
HIGH 8.8

DescriptionGitHub Advisory

Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation uses the get_swagger_ui_html function from FastAPI. This function does not encode or sanitize its arguments before using them to generate the HTML for the swagger documentation page and is not intended to be used with user-controlled arguments. Any user of this application can be targeted with a one-click attack that can takeover their session and all the secrets that may be contained within it. This issue has been patched in version 2.5.1.

AnalysisAI

Visionatrix versions 1.5.0 through 2.5.0 contain a Reflected XSS vulnerability in the /docs/flows endpoint that allows unauthenticated attackers to execute arbitrary JavaScript in users' browsers. The vulnerability stems from improper use of FastAPI's get_swagger_ui_html function with unsanitized user-controlled input, enabling session hijacking and exfiltration of application secrets. The CVSS 8.8 score reflects high severity due to network accessibility, low attack complexity, and no privilege requirements, though user interaction is required to trigger the exploit.

Technical ContextAI

Visionatrix is an AI media processing application built on ComfyUI that uses FastAPI for its REST API and Swagger UI for API documentation. The vulnerability exists in the /docs/flows endpoint implementation, which improperly invokes FastAPI's get_swagger_ui_html() function without sanitizing arguments before HTML generation. CWE-79 (Improper Neutralization of Input During Web Page Generation) identifies the root cause: the function was designed for internal, trusted use and does not perform HTML encoding or input validation on its parameters. When user-controlled data (such as query parameters or path segments) is passed directly to get_swagger_ui_html(), it renders unencoded into the HTML document, allowing attackers to inject malicious JavaScript that executes in the victim's browser context with full access to session cookies, localStorage, and application state.

RemediationAI

Immediate patching is required: upgrade Visionatrix from any version in the range 1.5.0–2.5.0 to version 2.5.1 or later. This patch likely implements proper input sanitization (HTML encoding) or removes the use of unsanitized user input to get_swagger_ui_html(). Until patching is feasible: (1) Disable or restrict access to the /docs/flows endpoint via reverse proxy (nginx/Apache rules to block requests to /docs/flows); (2) Implement network-level access controls (firewall rules, WAF rules) to limit who can reach the application; (3) Use HTTP-only and Secure flags on session cookies to prevent JavaScript access (though this is only a partial mitigation for XSS-based exfiltration); (4) Monitor and rotate any secrets that may have been exposed if the application is already deployed. Apply version 2.5.1 as the definitive fix. Check vendor repository/release notes (likely GitHub Visionatrix project) for patch details and upgrade procedures.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2025-49126 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy