Security Advisory

CVE-2025-1781

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-28 13:48:22

Last updated 2025-03-28 14:31:48

Assigner Google

State PUBLISHED

Description

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.

← Browse all CVEs View on cve.org ↗