PT-2025-10602 · Canvg · Canvg

Ducky97

·

Published

2025-01-26

·

Updated

2025-03-15

·

CVE-2025-25977

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions canvg version 4.0.2
Description An issue in the Constructor of the class StyleElement allows an attacker to execute arbitrary code.
Recommendations For canvg version 4.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

BDU:2025-09392
CVE-2025-25977
GHSA-V2MW-5MCH-W8C5

Affected Products

Canvg