CVE-2025-45055
BaseFortify

Publication date: 2025-06-09

Last updated on: 2025-06-25

Assigner: MITRE

Description
Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-06-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: silverpeas
Product: silverpeas
Version / Range: 6.4.2
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-45055 is a stored cross-site scripting (XSS) vulnerability in Silverpeas 6.4.2's event management module. An authenticated user can upload a malicious SVG file containing embedded JavaScript as an event attachment. When an administrator views this SVG, the script executes in the admin's session, allowing the attacker to steal anti-CSRF tokens and perform actions such as creating a new administrator account. This occurs due to insufficient sanitization of SVG files and weak CSRF protections, enabling privilege escalation through client-side script execution within SVGs. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on monitoring for suspicious SVG file uploads and unusual administrative account creation activities. Specifically, you can check for SVG files uploaded as event attachments and inspect them for embedded <script> tags. Network monitoring can look for HTTP requests to endpoints like /silverpeas/util/javaScript/silverpeas-tkn.js (token theft), /silverpeas/RjobDomainPeas/jsp/displayUserCreate (context simulation), and POST requests to /silverpeas/RjobDomainPeas/jsp/userCreate with multipart/form-data content type that create new admin users. Example commands include:

1) Searching for SVG files with scripts:
   grep -r '<script' /path/to/uploaded/svg/files
2) Monitoring web server logs for suspicious POST requests:
   grep '/jsp/userCreate' /var/log/apache2/access.log | grep 'multipart/form-data'
3) Using network capture tools (e.g., tcpdump or Wireshark) to filter HTTP traffic to the above endpoints.

These steps help identify exploitation attempts by detecting the malicious SVG payload delivery and the forged admin creation requests. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

1) Enforce a strict Content Security Policy (CSP) that blocks inline scripts and disallows script execution in SVG files, for example by setting script-src 'self' and object-src 'none'.
2) Disable or restrict SVG file uploads, or sanitize uploaded SVGs to remove embedded scripts using tools like SVGO or DOMPurify.
3) Strengthen CSRF protections by not exposing CSRF tokens in client-side JavaScript, validating Origin and Referer headers server-side, rotating tokens frequently, and binding tokens to user sessions or IP addresses.
4) Harden authentication interfaces by implementing server-side validation and logging for account creation, applying rate limiting and multi-step verification for admin accounts, and enabling anomaly detection for unusual admin account creations.

Applying the patch that enforces explicit file downloads instead of inline rendering and sets restrictive CSP headers (merged in the Silverpeas 6.4.x branch) is also critical. [1, 2]
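
The following Python is an added example, not Silverpeas code and not part of this advisory: it implements the attachment inspection suggested in the detection answer above (going beyond a plain grep for <script> by also catching on* event handlers and javascript: URLs) and the two mitigations from this answer, stripping active content from an uploaded SVG and serving stored attachments as downloads under a script-forbidding CSP. It assumes attachments are available as bytes and uses only the standard library; SAMPLE_SVG is a constructed input for the demonstration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ACTIVE_TAGS = {"script", "foreignObject"}  # elements that can run script or embed HTML
URL_ATTRS = {"href", "{%s}href" % XLINK_NS}  # a javascript: scheme here is active content

# Constructed sample attachment (not a real payload): inline script, an event
# handler on the root element and a javascript: link, plus one harmless shape.
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(1)</script>
  <a xlink:href="javascript:alert(1)"><circle r="10"/></a>
</svg>"""

def _local(name):
    """Drop the namespace part of a tag or attribute: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]

def _is_active_attr(attr, value):
    """True for on* event handlers and for href attributes using a javascript: URL."""
    return _local(attr).lower().startswith("on") or (
        attr in URL_ATTRS and value.strip().lower().startswith("javascript:"))

def scrub_svg(svg_bytes):
    """Detect and remove active content; returns (clean_svg_text, findings)."""
    root = ET.fromstring(svg_bytes)  # use defusedxml.ElementTree in production
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []  # (element, detail) pairs; empty means the file was inert
    for el in list(root.iter()):
        name = _local(el.tag)
        if name in ACTIVE_TAGS:
            findings.append((name, "active element"))
            if el in parent_of:
                parent_of[el].remove(el)
            continue
        for attr in [a for a, v in el.attrib.items() if _is_active_attr(a, v)]:
            findings.append((name, "attribute " + _local(attr)))
            del el.attrib[attr]
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return ET.tostring(root, encoding="unicode"), findings

def attachment_headers(filename):
    """Serve the stored file as a download, with a CSP that forbids script if rendered."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": 'attachment; filename="%s"' % filename,
        "Content-Security-Policy": "default-src 'none'; script-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }
```

Run scrub_svg over each stored attachment: a non-empty findings list is the detection signal, and the returned text is the sanitized file to keep.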


How can this vulnerability impact me?

This vulnerability can lead to full administrative privilege escalation. An attacker can stealthily create a new administrator account by exploiting the SVG injection and XSS flaw, gaining unauthorized full control over the Silverpeas application. The attack is stealthy, requiring only that an administrator opens the malicious SVG file, and leaves no obvious visual indication. This can compromise the integrity, confidentiality, and availability of the system and its data. [2]

