CVE 8.8 HIGH

CVE-2025-61417_CVE-2025-61417

October 20, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.

AI Analysis

Cross-Site Scripting (XSS) vulnerability in TastyIgniter 3.7.7 allows attackers to execute arbitrary JavaScript code in the administrator's browser context.

Basic Information

ID CVE-2025-61417

Source mitre

Published Oct 20, 2025 at 00:00

Modified Oct 20, 2025 at 15:38

Affected Product

Vendor TastyIgniter

Product TastyIgniter

Version 3.7.7

Affected Versions n/a n/a n/a

CWE Classification

CWE-79 CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor TastyIgniter

Product TastyIgniter

Version 3.7.7

References

{
    "lastseen": "",
    "description": "Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.",
    "published": "2025-10-20T00:00:00.000Z",
    "modified": "2025-10-20T15:38:57.855Z",
    "type": "cve",
    "title": "CVE-2025-61417",
    "source": "mitre",
    "references": "https://github.com/tastyigniter/TastyIgniter\nhttps://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md",
    "id": "CVE-2025-61417",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TastyIgniter",
    "version": "3.7.7",
    "vendor": "TastyIgniter",
    "ai_description": "Cross-Site Scripting (XSS) vulnerability in TastyIgniter 3.7.7 allows attackers to execute arbitrary JavaScript code in the administrator's browser context.",
    "ai_severity": "High",
    "ai_vendor": "TastyIgniter",
    "ai_product": "TastyIgniter",
    "ai_version": "3.7.7",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply