CVE-2025-11655

Name of the Vulnerable Software and Affected Versions Total.js Flow versions prior to 673ef9144dd25d4f4fd4fdfda5af27f230198924

Description A security flaw exists in Total.js Flow related to the SVG File Handler component. Manipulation of this component can lead to unrestricted file upload, and the attack can be initiated remotely. The exploit has been publicly released. Continuous delivery with rolling releases is used, and the vendor did not respond to early disclosure attempts.

Recommendations Update to a version later than 673ef9144dd25d4f4fd4fdfda5af27f230198924.