CVE-2025-22872
published 2025-04-16

Priority: P4 · 34 · medium
CVSS 3.1: 6.5 (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
EPSS: 0.45% (35.9th percentile)

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

Affected

25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | lxd | >= 0 < 2.0.11-0ubuntu1~16.04.4+esm2 | 2.0.11-0ubuntu1~16.04.4+esm2 |
| canonical | lxd | >= 0 < 3.0.3-0ubuntu1~18.04.2+esm2 | 3.0.3-0ubuntu1~18.04.2+esm2 |
| debian | golang-golang-x-net | < golang-golang-x-net 1:0.27.0-2 (forky) | golang-golang-x-net 1:0.27.0-2 (forky) |
| golang.org | x_net | >= 0 < 0.38.0 | 0.38.0 |
| golang.org | x_net_golang.org_x_net_html | < 0.38.0 | 0.38.0 |
| msrc | azl3_application-gateway-kubernetes-ingress_1.7.7-2 | | |
| msrc | azl3_cert-manager_1.12.15-4 | | |
| msrc | azl3_cf-cli_8.7.11-3 | | |
| msrc | azl3_cloud-provider-kubevirt_0.5.1-1 | | |
| msrc | azl3_cni-plugins_1.4.0-3 | | |
| msrc | azl3_containerd2_2.0.0-12 | | |
| msrc | azl3_containerized-data-importer_1.57.0-14 | | |
| msrc | azl3_cri-tools_1.32.0-2 | | |
| msrc | azl3_dasel_2.8.1-2 | | |
| msrc | azl3_docker-buildx_0.14.0-6 | | |
| msrc | azl3_docker-compose_2.27.0-5 | | |
| msrc | azl3_gh_2.62.0-8 | | |
| msrc | azl3_helm_3.15.2-3 | | |
| msrc | azl3_ig_0.37.0-4 | | |
| msrc | azl3_influxdb_2.7.5-5 | | |
| msrc | azl3_keda_2.14.1-7 | | |
| msrc | azl3_kube-vip-cloud-provider_0.0.10-4 | | |
| msrc | azl3_kubernetes_1.30.10-7 | | |
| msrc | azl3_kubevirt_1.2.0-17 | | |
| msrc | azl3_libcontainers-common_20240213-3 | | |

CVSS provenance

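| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |
| osv | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |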