PT-2025-42724 · Unknown · Toeverything Affine

Hamzaoui Mohamed

Published

2025-10-19

Updated

2025-10-20

CVE-2025-11945

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions toeverything AFFiNE versions prior to 0.24.1

Description A security issue exists in toeverything AFFiNE up to version 0.24.1 related to the Avatar Upload Image Endpoint. This can be exploited to perform cross site scripting. The attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-11945

Affected Products

Toeverything Affine

PT-2025-42724 · Unknown · Toeverything Affine

CVE-2025-11945

Weakness Enumeration

Related Identifiers

Affected Products

References · 8