CVE-2025-6092
Status: Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-15

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-06-15
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-06-15
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE
CWE ID: Description
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6092 is a Cross Site Scripting (XSS) vulnerability in ComfyUI up to version 0.3.39. It occurs because the image upload functionality at the /upload/image endpoint does not properly sanitize or validate uploaded files, especially those with extensions like .svg and .xhtml that can contain executable JavaScript. This vulnerability is an incomplete fix of a previous issue (CVE-2024-10099), where the patch only restricted JavaScript execution for a limited set of file extensions, allowing attackers to bypass it by uploading malicious files with other extensions. When these files are rendered by a victim's browser, the embedded JavaScript executes, enabling the attacker to perform XSS attacks remotely. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can allow attackers to execute arbitrary JavaScript code in the context of the victim's browser when the victim views the uploaded malicious files. This can lead to session hijacking, theft of sensitive information, defacement of web content, or other malicious actions performed on behalf of the victim. Since the attack can be launched remotely without authentication and relies on user interaction, it poses a significant risk to users of the affected ComfyUI application. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring uploads to the /upload/image endpoint for files with extensions such as .svg or .xhtml that may contain embedded JavaScript payloads. A practical detection method is to inspect HTTP POST requests to this endpoint and analyze the uploaded files for suspicious content, for example by using command-line tools like curl or wget to simulate or capture uploads, or by using network monitoring tools to filter requests to /upload/image. A sample command to test the vulnerability could be a multipart/form-data POST request that uploads a crafted .xhtml file containing JavaScript to /upload/image, followed by observing whether the script executes. Specific commands are not provided in the resources, but the proof-of-concept involves uploading files with embedded scripts via POST requests to /upload/image. [2, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling or restricting the /upload/image endpoint so that files with extensions that can contain executable scripts, such as .svg and .xhtml, cannot be uploaded. Since no patch or vendor response is available, users are advised to consider replacing the affected component with an alternative product. Additionally, strict server-side validation and sanitization of uploaded files, which checks the file content and not just the extension, can help mitigate the risk. Blocking or filtering suspicious uploads at the network or application firewall level may also reduce exposure. [3]
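The content-based validation described above, as an added example that is not ComfyUI's own code: an upload check for an endpoint like /upload/image that accepts only raster images whose extension, magic bytes and body agree (so an SVG or XHTML renamed to .png still fails, closing the extension-only gap of the incomplete fix), plus response headers that stop a browser from rendering a stored upload as a document. The function names, the allowlist and the sample inputs are assumptions constructed for this example.

```python
import re

# Allowlist of raster formats: extension -> accepted magic-byte prefixes.
# SVG and XHTML are deliberately absent; they are documents, not bitmaps.
ALLOWED_IMAGE_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".webp": [b"RIFF"],  # RIFF container; "WEBP" is verified at offset 8 below
}

# Markup openers that turn an "image" into a scriptable document when rendered
# inline. Heuristic defense in depth against header/markup polyglots.
MARKUP_RE = re.compile(rb"<\s*(\?xml|!DOCTYPE|svg|html|script|xhtml)", re.IGNORECASE)


def validate_image_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Accept only when the extension, the magic
    bytes and the body all say this is a plain raster image."""
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]  # drop path components
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    if ext not in ALLOWED_IMAGE_TYPES:
        return False, f"extension {ext or '(none)'} not in allowlist"
    if not any(data.startswith(magic) for magic in ALLOWED_IMAGE_TYPES[ext]):
        return False, "magic bytes do not match declared extension"
    if ext == ".webp" and data[8:12] != b"WEBP":
        return False, "RIFF container is not WEBP"
    # A valid image header glued onto markup is still rejected: scan the body.
    if MARKUP_RE.search(data[: 64 * 1024]):
        return False, "markup found inside image data"
    return True, "ok"


def download_headers(safe_name: str) -> dict[str, str]:
    """Headers for serving a stored upload: forced download, no MIME sniffing,
    and a sandboxed, script-free CSP if a browser displays it anyway."""
    return {
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    # Constructed sample: a renamed SVG must not pass as a PNG.
    print(validate_image_upload("renamed.png", b'<?xml version="1.0"?><svg/>'))
    print(validate_image_upload("ok.png", b"\x89PNG\r\n\x1a\n" + bytes(16)))
```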

