CVE-2025-1781

Name of the Vulnerable Software and Affected Versions W3CSS Validator versions before cssval-20250226

Description The issue is related to an XXE (XML External Entity) attack in the W3CSS Validator, which allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.

Recommendations For versions before cssval-20250226, update to a version that includes the fix for this issue, as using specially-crafted XML objects can lead to server-side request forgery (SSRF) and exposure of local files. As a temporary workaround, consider restricting access to the XML parsing functionality in the W3CSS Validator until a patch is available.