{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-46655", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-29T15:22:43.429Z", "dateReserved": "2025-04-26T00:00:00.000Z", "datePublished": "2025-04-26T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "CodiMD", "vendor": "HackMD", "versions": [{"lessThanOrEqual": "2.5.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-26T20:38:04.712Z"}, "references": [{"url": "https://github.com/hackmdio/codimd/issues/1910"}, {"url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"}], "tags": ["disputed"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hackmd:codimd:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.5.4"}]}]}]}, "adp": [{"references": [{"url": "https://github.com/hackmdio/codimd/issues/1910", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-29T14:05:51.667886Z", "id": "CVE-2025-46655", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T15:22:43.429Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46655", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-29T14:05:51.667886Z"}}}], "references": [{"url": "https://github.com/hackmdio/codimd/issues/1910", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T14:06:04.315Z"}}], "cna": {"tags": ["disputed"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "HackMD", "product": "CodiMD", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.4"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/hackmdio/codimd/issues/1910"}, {"url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hackmd:codimd:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "2.5.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-26T20:38:04.712Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46655", "state": "PUBLISHED", "dateUpdated": "2025-04-29T15:22:43.429Z", "dateReserved": "2025-04-26T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-04-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers."}, {"lang": "es", "value": "CodiMD hasta la versi\u00f3n 2.5.4 cuenta con un mecanismo de protecci\u00f3n basado en CSP contra XSS mediante la carga de documentos SVG que contienen JavaScript, pero este mecanismo puede omitirse en ciertos casos de almacenamiento de archivos de origen diferente, como AWS S3. NOTA: Esto puede considerarse un error del usuario si se utiliza AWS para alojar contenido JavaScript no confiable, pero la arquitectura seleccionada dentro de AWS no cuenta con componentes que permitan insertar encabezados Content-Security-Policy."}], "id": "CVE-2025-46655", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.7, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-04-26T21:15:15.260", "references": [{"source": "cve@mitre.org", "url": "https://github.com/hackmdio/codimd/issues/1910"}, {"source": "cve@mitre.org", "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/hackmdio/codimd/issues/1910"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{"created": "2025-06-23T19:31:58.813183+00:00", "updated": "2025-06-23T19:31:58.813270+00:00", "vendors": ["hackmd", "hackmd$PRODUCT$codimd"]}