Medium CVSS 6.5

Overview

There is an XXE vulnerability in the W3C CSS Validator in versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to induce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if the attacker has access to exception messages.

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.5 (MEDIUM)
  • Detected tags: ssrf, xxe (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.
  • Disable external entities in XML parsers; use safe libraries.
