savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 12 Aug 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Svg-sanitizer Project
Svg-sanitizer Project svg-sanitizer
Vendors & Products Svg-sanitizer Project
Svg-sanitizer Project svg-sanitizer

Tue, 12 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
Description savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.
Title svg-sanitizer By-Passing Attribute Sanitization
Weaknesses CWE-601
CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-12T17:48:05.000Z

Reserved: 2025-08-07T18:27:23.307Z

Link: CVE-2025-55166

cve-icon Vulnrichment

Updated: 2025-08-12T17:47:55.276Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-12T17:15:39.667

Modified: 2025-08-13T17:34:12.350

Link: CVE-2025-55166

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-12T19:53:19Z