CVE-2025-55166

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.22.0

Description: savg-sanitizer is a PHP SVG/XML sanitizer. The sanitization logic in the cleanXlinkHrefs function only searches for lower-case attribute names, bypassing the isHrefSafeValue check. This allows for cross-site scripting or linking to external domains.

Recommendations: Update to savg-sanitizer version 0.22.0 or later.

Exploit

Fix

Open Redirect

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-79

Related Identifiers

CVE-2025-55166

GHSA-22WQ-Q86M-83FH

Affected Products

Svg-Sanitizer

CVE-2025-55166

Weakness Enumeration

Related Identifiers

Affected Products

References · 11