Multiple vulnerabilities in Seafile_CVE-2025-41080

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

Basic Information

ID CVE-2025-41080

Source INCIBE

Published Dec 4, 2025 at 11:48

Modified Dec 4, 2025 at 14:43

Affected Product

Vendor Seafile

Product Seafile

Version 12.0.14

Affected Versions Seafile Seafile 12.0.14

CWE Classification

CWE-79

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-seafile

{
    "lastseen": "",
    "description": "A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST par\u00e1metro 'p' in '/api/v2.1/repos/{repo_id}/file/'.",
    "published": "2025-12-04T11:48:44.776Z",
    "modified": "2025-12-04T14:43:13.952Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in Seafile",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-seafile",
    "id": "CVE-2025-41080",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Seafile Seafile 12.0.14",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Seafile",
    "version": "12.0.14",
    "vendor": "Seafile",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}