CVE Alert: CVE-2025-2336

June 5, 2025
image 1

Vulnerability Summary: CVE-2025-2336

Improper sanitization of the value of the ‘href’ and ‘xlink:href’ attributes in ‘‘ SVG elements in AngularJS’s ‘ngSanitize’ module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application’s performance and behavior by using too large or slow-to-load images. This issue affects AngularJS versions greater than or equal to 1.3.1. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Affected Endpoints:

No affected endpoints listed.

Published Date:

6/4/2025, 5:15:28 PM

⚠️ CVSS Score:

CVSS v3 Score: 4.8 (Medium)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

image

[CRYPTO24] – Ransomware Victim: SOUBEIRAN CHOBET S[.]R[.]L[.]

July 22, 2025
image

[AKIRA] – Ransomware Victim: Pinnacle Woodwork

July 22, 2025
image

[LYNX] – Ransomware Victim: Nippn TH

July 22, 2025
0f645a392b509c847d4a19b40e1ad8aa777b70e3d5b060d0da8925cb3ab62dc7

If You’re Forced To Use Windows 11, Here’s How To Steal Some Of Your Time Back

July 22, 2025
9a407790e0d9a3e8767874ef549d60009f0b5ec7e1070c2c60d04a6cc2613ccb

Japan Discovers Object Out Beyond Pluto That Rewrites The Planet 9 Theory

July 22, 2025