CVE-2025-0716

CWE-7918 documents7 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 85.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Angularjs
Timeline
PublishedApr 29
Latest updateJan 14

Description

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

CVEListV5google/angularjs>=0.0.0
Debianangular.js< 1.8.3-1+deb12u1~deb11u1+3
npmangular1.8.3

🔴Vulnerability Details

4
OSV
AngularJS improperly sanitizes SVG elements2025-04-29
GHSA
AngularJS improperly sanitizes SVG elements2025-04-29
OSV
CVE-2025-0716: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image s2025-04-29
CVEList
AngularJS improper sanitization in SVG '<image>' element2025-04-29

📋Vendor Advisories

3
Ubuntu
AngularJS vulnerabilities2026-01-14
Red Hat
angular: AngularJS improper sanitization in SVG '<image>' element2025-04-29
Debian
CVE-2025-0716: angular.js - Improper sanitization of the value of the 'href' and 'xlink:href' attributes in ...2025
CVE-2025-0716 (MEDIUM CVSS 4.8) | Improper sanitization of the value | cvebase.io