CVE-2025-41085
Stored XSS in Apidog 2.7.15 via Unsanitized SVG Uploads
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apidog | apidog | 2.7.15 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41085 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability in the Apidog web platform, version 2.7.15. It occurs because SVG image uploads are not properly sanitized. Attackers can exploit this by sending a POST request to the endpoint '/api/v1/user-avatar' with a malicious SVG file containing embedded scripts. These scripts are then stored on the server and executed in the context of any user who accesses the compromised resource. [1]
How can this vulnerability impact me?
This vulnerability allows attackers to execute malicious scripts in the context of users accessing the compromised resource. This can lead to unauthorized actions such as stealing user credentials, session hijacking, or performing actions on behalf of the user without their consent. Since the malicious scripts are stored on the server, every user accessing the affected resource is at risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for POST requests to the endpoint '/api/v1/user-avatar' that contain SVG image uploads. Specifically, you should look for SVG files that include embedded scripts, which indicate malicious payloads exploiting the stored XSS vulnerability.

Commands to detect such activity might include using network traffic inspection tools or web server logs to filter POST requests to '/api/v1/user-avatar' and analyzing the contents of uploaded SVG files for embedded script tags or JavaScript code.

- Use tools like tcpdump or Wireshark to capture HTTP POST requests to '/api/v1/user-avatar'.
- Search web server logs for POST requests to '/api/v1/user-avatar' with SVG file uploads.
- Use grep or similar tools to scan uploaded SVG files for <script> tags or suspicious JavaScript code. [1]
What immediate steps should I take to mitigate this vulnerability?
As no official patch or solution has been reported at the time of the advisory, immediate mitigation steps should focus on restricting or monitoring SVG image uploads to the '/api/v1/user-avatar' endpoint.

You can temporarily disable SVG uploads or implement strict validation and sanitization of SVG files before accepting them to prevent malicious scripts from being stored.

Additionally, monitor user activity and server logs for suspicious behavior related to this endpoint and consider applying web application firewall (WAF) rules to block or alert on suspicious SVG uploads. [1]
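One way to implement the validation step described above, as an added example that is not Apidog's code and not part of the advisory: a server-side check, using only the Python standard library, that inspects an uploaded SVG before it is stored and reports any active content (script and embedding elements, event-handler attributes, scripting URLs, DOCTYPE declarations). The function and constant names and the sample SVGs are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Added example (not Apidog's code): reject avatar SVGs that carry active content.
SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Elements that execute script or embed arbitrary HTML inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL-valued attributes; a javascript:/data:/vbscript: scheme there is active content.
URL_ATTRIBUTES = {"href", f"{{{XLINK_NS}}}href"}
DANGEROUS_SCHEMES = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)

def _local(name: str) -> str:
    """Strip the '{namespace}' prefix from an element or attribute name."""
    return name.rsplit("}", 1)[-1]

def svg_upload_findings(data: bytes) -> list[str]:
    """Return why an uploaded SVG must be rejected; an empty list means it passed."""
    # An avatar never needs a DOCTYPE; entity declarations enable XXE and entity bombs.
    if re.search(rb"<!DOCTYPE", data, re.I):
        return ["doctype declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        return [f"root element is {_local(root.tag)!r}, not an SVG document"]
    findings: list[str] = []
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attr, value in el.attrib.items():
            lname = _local(attr)
            if lname.lower().startswith("on"):  # onload=, onclick=, onmouseover=, ...
                findings.append(f"event handler attribute {lname} on <{name}>")
            elif attr in URL_ATTRIBUTES and DANGEROUS_SCHEMES.match(value):
                findings.append(f"scripting URL in {lname} on <{name}>")
    return findings

# Constructed samples for demonstration, not taken from the advisory.
CLEAN_AVATAR = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
                b'<circle cx="5" cy="5" r="4" fill="teal"/></svg>')
SCRIPTED_AVATAR = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"'
                   b' onload="console.log(1)"><script>console.log(1)</script>'
                   b'<a xlink:href="javascript:console.log(1)"><text>hi</text></a></svg>')

if __name__ == "__main__":
    print("clean:", svg_upload_findings(CLEAN_AVATAR))  # []
    print("scripted:", svg_upload_findings(SCRIPTED_AVATAR))
```

Rejecting any upload with a finding is stricter than trying to rewrite the file, but it avoids the parser-differential problems that make SVG sanitizers hard to get right.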