Home > Vulnerability Database > CVE-2025-47778

Mend.io Vulnerability Database

CVE-2025-47778

Good to know:

Date: May 14, 2025

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file "src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php" manually.

Severity Score

7.2

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47778

Url: https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255

Url: https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php

Url: https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544

Url: https://github.com/sulu/sulu

Url: https://www.mend.io/vulnerability-database/CVE-2025-47778

Severity Score

7.2

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Top Fix

Upgrade Version

Upgrade to version https://github.com/sulu/sulu.git - 2.5.25;https://github.com/sulu/sulu.git - 2.6.9

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47778

Good to know:

Date: May 14, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?