CVE-2025-61417 · HIGH 8.8 · EPSS p41.4%

Description

A cross-site scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. An attacker can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in the administrator's browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.4% · 2026-06-18T12:00:27Z
Published: 2025-10-20
Last modified: 2025-11-12

Underlying weaknesses · 2

CWE-79, CWE-434

References

  1. https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md
  2. https://github.com/tastyigniter/TastyIgniter

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Unrestricted Upload of File with Dangerous Type (cwe-434) | 0% | live |
| Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-65474
  2. CVE-2025-63307
  3. CVE-2025-60880
  4. CVE-2025-25361
  5. CVE-2025-65471
  6. CVE-2026-33172

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.