CVE-2025-13415
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts via SVG file uploads in EasyImages versions up to 2.8.6. When users view manipulated SVG images, the scripts execute in their browsers, potentially stealing session cookies or performing actions on their behalf. This affects all installations using the vulnerable SVG Image Handler component.
💻 Affected Systems
- icret EasyImages
📦 What is this software?
Easyimages2.0 by Easyimages2.0 Project
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over the EasyImages installation, and use it as a foothold to attack other systems in the network.
Likely Case
Attackers inject malicious scripts that steal user session cookies or redirect users to phishing sites when they view manipulated SVG images.
If Mitigated
With proper input validation and output encoding, the XSS payloads would be neutralized, preventing script execution.
🎯 Exploit Status
The vulnerability is in a public upload endpoint and requires only SVG file manipulation, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8.7 or later
Vendor Advisory: https://github.com/icret/EasyImages2.0/issues/260
Restart Required: No
Instructions:
1. Backup your current installation.
2. Download the latest version from the official repository.
3. Replace the vulnerable files, particularly /app/upload.php.
4. Verify the fix by testing SVG upload functionality.
🔧 Temporary Workarounds
Disable SVG uploads
Temporarily disable SVG file uploads in the EasyImages configuration to prevent exploitation.
Edit configuration to restrict allowed file types to exclude SVG
Implement WAF rules
Add web application firewall rules to block malicious SVG content patterns.
Add WAF rule to detect and block SVG files containing script tags or javascript URIs
🧯 If You Can't Patch
- Implement strict Content Security Policy headers to prevent script execution from untrusted sources.
- Monitor and audit all SVG file uploads for suspicious content patterns.
🔍 How to Verify
Check if Vulnerable:
Check if your EasyImages version is 2.8.6 or earlier and if SVG upload functionality is enabled.
Check Version:
Check the version in the EasyImages admin panel or configuration files.
Verify Fix Applied:
After patching, attempt to upload an SVG file containing script tags and verify they are properly sanitized or rejected.
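The "verify the fix" step above and the audit workaround earlier both need a way to decide whether an uploaded SVG carries script content. The following is an added example (not EasyImages' own code) of a conservative server-side check over the parsed XML, so entity-encoded payloads are inspected after decoding; the element and attribute lists and the size limit are assumptions, not values from the advisory.

```python
"""Conservative pre-storage check for uploaded SVG files (added example).

Flags the patterns this advisory names (script elements, on* event-handler
attributes, javascript: URIs) plus a DTD, which an image never needs and
which is the usual carrier for entity-expansion tricks.
"""
import re
import xml.etree.ElementTree as ET

# Assumed policy: elements that can run script or embed foreign (HTML) content.
DANGEROUS_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
MAX_SIZE = 2 * 1024 * 1024  # assumed upload ceiling, checked before parsing


def _local(name: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def _is_script_uri(value: str) -> bool:
    """True for javascript:/vbscript: style URIs, ignoring whitespace padding."""
    compact = re.sub(r"[\s\x00-\x1f]", "", value).lower()
    return compact.startswith(("javascript:", "vbscript:", "data:text/html"))


def find_svg_risks(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means no known-bad pattern."""
    if len(data) > MAX_SIZE:
        return ["oversized"]
    if re.search(rb"<!DOCTYPE", data, re.IGNORECASE):
        return ["doctype"]  # refuse before the parser can expand entities
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]
    findings = [] if _local(root.tag) == "svg" else ["root-not-svg"]
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in DANGEROUS_ELEMENTS:
            findings.append(f"element:{tag}")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.startswith("on"):  # onload, onerror, onclick, ...
                findings.append(f"attribute:{name}")
            elif name == "href" and _is_script_uri(value):  # also xlink:href
                findings.append(f"uri:{name}")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Accept the upload only when no finding was produced."""
    return not find_svg_risks(data)
```

Reject or quarantine anything with a non-empty finding list; CSS `url()` references inside `<style>` are not covered here and should be handled by the same policy if SVG uploads must stay enabled.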
📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads, especially with script tags or javascript URIs in the content
Network Indicators:
- HTTP POST requests to /app/upload.php with SVG content containing script patterns
SIEM Query:
source="web_server" AND uri="/app/upload.php" AND file_type="svg" AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")