CVE-2025-47778 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upl…
Medium CVSS: 6.1

CVE-2025-47778

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.
Vendor
-
Product
-
CWE
CWE-611
Yayın Tarihi
2025-05-14 16:15:29
Güncelleme
2025-05-16 14:43:56
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-611 MEDIUM 2025

Referanslar

https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544 https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255