Vulnerability DatabaseCVE-2025-55166
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-55166
August 12, 2025
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.
Affected Packages
enshrined/svg-sanitize (PHP):
Affected version(s) >=0.1.0 <0.22.0
Fix Suggestion:
Update to version 0.22.0
Related ResourcesĀ (7)
https://github.com/darylldoyle/svg-sanitizer/commit/0afa95ea74be155a7bcd6c6fb60c276c39984500
https://github.com/darylldoyle/svg-sanitizer/commit/5a0a1eaf0c6b0b540dc945fe30c93cf106b357c1
https://github.com/darylldoyle/svg-sanitizer/releases/tag/0.22.0
https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.php#L454-L481
https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-22wq-q86m-83fh
https://github.com/darylldoyle/svg-sanitizer
https://nvd.nist.gov/vuln/detail/CVE-2025-55166
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
ACTIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601
EPSS
Base Score:
0.11