CVE-2025-58353

Name of the Vulnerable Software and Affected Versions Promptcraft Forge Studio (affected versions not specified)

Description Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. The software’s input sanitization process, which utilizes regex blacklists like replace(/javascript:/gi, ''), is insufficient to prevent the injection of executable payloads into href or src attributes, or direct injection into the DOM. This is due to the use of multi-character tokens and the application of replacements only once, which can lead to the creation of new dangerous tokens through overlap after a single replacement.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.