EUVD-2025-16899
GHSA-4p4w-6hg8-63wx
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
4Description
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects AngularJS versions greater than or equal to 1.3.1. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Analysis
A remote code execution vulnerability (CVSS 4.8) that allows attackers. Remediation should follow standard vulnerability management procedures.
Technical Context
Vulnerability type: remote code execution.
Affected Products
['Unspecified product']
Remediation
Monitor vendor channels for patch availability.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | not-affected | code not present |
| upstream | ignored | upstream EOL |
| oracular | ignored | end of life, was ignored [upstream EOL] |
| bionic | released | 1.5.10-1ubuntu0.1~esm1 |
| focal | released | 1.7.9-1ubuntu0.1~esm1 |
| jammy | released | 1.8.2-2ubuntu0.1 |
| noble | released | 1.8.3-1ubuntu0.24.04.1 |
| plucky | released | 1.8.3-1ubuntu0.25.04.1 |
| questing | not-affected | 1.8.3-3 |
Debian
Bug #1107519| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1.8.3-1+deb12u1~deb11u1 | - |
| bullseye (security) | fixed | 1.8.3-1+deb12u1~deb11u1 | - |
| bookworm | fixed | 1.8.3-1+deb12u1 | - |
| forky, sid, trixie | fixed | 1.8.3-3 | - |
| (unstable) | fixed | 1.8.3-2 | - |
Share
External POC / Exploit Code
Leaving vuln.today