PT-2025-18187 · Angularjs+3

George Kalpakas · Published 2025-04-29 · Updated 2026-01-14 · CVE-2025-0716

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

AngularJS versions prior to the end of life. No specific fixed version is mentioned, and the project is End-of-Life.

Description

The issue is related to improper sanitization of the href and xlink:href attributes in <image> SVG elements, which allows attackers to bypass common image source restrictions. This can lead to Content Spoofing and can negatively affect the application's performance and behavior through images that are too large or slow to load.

Recommendations

For all affected versions of AngularJS, consider disabling the use of <image> SVG elements or restricting the href and xlink:href attributes to mitigate the risk of exploitation. The project is End-of-Life and will not receive any updates to address this issue.
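
One way to apply the restriction recommended above is to audit templates for SVG <image> references that fall outside an origin allowlist. This is an added example, not code from AngularJS or from this advisory; the function names, base URL, allowlist and sample markup are assumptions constructed for illustration.

```javascript
// Added example: a template audit helper, not AngularJS code. Names are hypothetical.
const APP_BASE = 'https://app.example.com/';                      // constructed base URL
const TRUSTED_ORIGINS = new Set(['https://static.example.com']);  // constructed allowlist

// True only for http(s) URLs whose origin is the app's own or explicitly trusted.
function isTrustedImageUrl(value, base = APP_BASE, trusted = TRUSTED_ORIGINS) {
  let url;
  try {
    url = new URL(value.trim(), base);
  } catch (err) {
    return false; // unparsable values are rejected
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  return url.origin === new URL(base).origin || trusted.has(url.origin);
}

// Report every attribute ending in "href" on an <image> tag whose value is
// untrusted or bound to an expression ({{...}}) and so needs manual review.
// Regex scanning is a lint-style heuristic for templates, not an HTML sanitizer.
function findRiskySvgImageRefs(markup) {
  const findings = [];
  const attrRe = /\s([\w:-]*href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const tag of markup.match(/<image\b[^>]*>/gi) || []) {
    for (const m of tag.matchAll(attrRe)) {
      const value = m[2] ?? m[3] ?? m[4] ?? '';
      const dynamic = value.includes('{{');
      if (dynamic || !isTrustedImageUrl(value)) {
        const reason = dynamic ? 'dynamic' : 'untrusted';
        findings.push({ attr: m[1].toLowerCase(), value, reason });
      }
    }
  }
  return findings;
}

// Constructed sample markup.
const SAMPLE = `
<svg><image href="/img/logo.png" width="10" height="10"/></svg>
<svg><image xlink:href="https://untrusted.example.net/huge.png"/></svg>
<svg><image ng-attr-href="{{user.avatar}}"/></svg>
<img src="https://other.example.org/x.png">`;

console.log(findRiskySvgImageRefs(SAMPLE));
```

Dynamic bindings are flagged rather than resolved, so each one still needs its value checked with the same URL policy at the point where the application sets it.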

Related Identifiers

BDU:2025-05694
CVE-2025-0716
DLA-4242-1
GHSA-J58C-WW9W-PWP5
USN-7958-1

Affected Products

Angularjs
Debian
Linuxmint
Ubuntu