Base Score

MEDIUM5.1

CVE-2025-55166

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateAug 12, 2025, 17:15

Affected Versions(1)

enshrined/svg-sanitize(Packagist)

Introduced0

Fixed0.22.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
enshrined/svg-sanitize(Packagist)	0	0.22.0	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.1

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

Base Score

MEDIUM5.1

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.1

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)