CVE-2025-62793
BaseFortify

Publication date: 2025-10-27

Last updated on: 2025-10-30

Assigner: GitHub, Inc.

Description
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who opens the SVG URL or any page embedding it could have their session hijacked, data exfiltrated, or actions performed on their behalf. This vulnerability is fixed in 5.3.0.
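As an added example (not eLabFTW's own code), the following Python checks an uploaded SVG for the kind of active content the description refers to, and chooses response headers that stop a stored upload from rendering as a page under the application origin. The function names, the header policy and the sample SVG strings are constructed for illustration.

```python
"""Added example, not eLabFTW code: flag SVG uploads that carry active
content and pick headers that keep uploads from running script under the
application origin. Names, policy and samples are assumptions."""
import re
import xml.etree.ElementTree as ET

# Elements that can run or embed script-capable content when an SVG is rendered inline.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "object", "embed"}


def svg_has_active_content(data: bytes) -> bool:
    """True if the SVG has script-capable elements, on* handlers or javascript: URLs."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True  # unparseable input is treated as unsafe, never served inline
    for el in root.iter():
        tag = el.tag.split("}", 1)[-1]  # drop the {namespace} prefix
        if tag in ACTIVE_TAGS:
            return True
        for name, value in el.attrib.items():
            local = name.split("}", 1)[-1]  # covers xlink:href as well as href
            if local.lower().startswith("on"):
                return True
            if local == "href" and re.match(r"^\s*javascript:", value, re.I):
                return True
    return False


def headers_for_upload(filename: str, declared_type: str) -> dict:
    """Headers for serving a stored upload so it cannot act as a page of our origin.
    filename is assumed to be already sanitised by the upload handler."""
    is_svg = filename.lower().endswith(".svg") or "svg" in declared_type.lower()
    headers = {
        "X-Content-Type-Options": "nosniff",
        # Opaque sandbox: even if a browser renders the file, it gets a null origin.
        "Content-Security-Policy": "sandbox; default-src 'none'; style-src 'unsafe-inline'",
    }
    if is_svg:
        # Force download instead of inline rendering for SVG.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{filename}"'
    else:
        headers["Content-Type"] = declared_type
        headers["Content-Disposition"] = "inline"
    return headers


# Constructed samples: a plain drawing, and one carrying an event handler.
SAFE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
ACTIVE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="handler()"><rect/></svg>'
```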
Affected Vendors & Products
Two associated CPEs:

Vendor    Product   Version / Range
elabftw   elabftw   5.2.8
elabftw   elabftw   5.3.0
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability in eLabFTW allows an attacker to upload a specially crafted SVG file that contains active content such as scripts. When this SVG file is viewed inline by a victim, the script executes within the application's origin, leading to stored cross-site scripting (XSS). This means the attacker can run malicious scripts in the context of the application.

Impact Analysis

If a victim opens the malicious SVG URL or any page embedding it, the attacker could hijack the victim's session, steal data, or perform actions on behalf of the victim within the application.

Mitigation Strategies

Upgrade eLabFTW to version 5.3.0 or later, where this vulnerability is fixed. Avoid opening or embedding SVG files from untrusted sources until the update is applied.
