PT-2025-21331 · Dompurify+1

Odaysec · Published 2025-05-15 · Updated 2025-05-16 · CVE-2025-48050

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: DOMPurify versions 3.2.5 and earlier
Description: The issue arises from the scripts/server.js file in DOMPurify, which fails to ensure that a pathname is located under the current working directory. This problem is present in versions up to 3.2.5 before the commit 6bc6d60.
Recommendations: For DOMPurify versions 3.2.5 and earlier, consider restricting access to the scripts/server.js file until a patch is available. As a temporary workaround, ensure that all pathnames are manually verified to be under the current working directory to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

CVE-2025-48050

Affected Products

Dompurify
Debian