CVE-2025-65675

5.4 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to inject malicious JavaScript via crafted SVG profile pictures. The script executes in the browser of any user who views the malicious profile, giving the attacker arbitrary JavaScript execution in that user's session. All users of Classroomio LMS 0.1.13 are affected.

💻 Affected Systems

Products:
  • Classroomio LMS
Versions: 0.1.13
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to upload profile pictures.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform account takeover, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Attackers could steal user credentials, perform phishing attacks, or deface user profiles.

🟢 If Mitigated

With proper input validation and output encoding, the attack would be prevented with minimal impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and ability to upload SVG files as profile pictures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://classroomio.com

Restart Required: No

Instructions:

Check the vendor website for updates. If a patch is available, update to the latest version. If not, implement the workarounds below.

🔧 Temporary Workarounds

Workaround 1: Disable SVG uploads (applies to: all)

Configure the application to reject SVG file uploads for profile pictures. Modify file upload validation to block the .svg extension, and also reject uploads whose declared Content-Type is image/svg+xml or whose content begins with SVG/XML markup, since an extension check alone does not catch a renamed file.

Workaround 2: Implement Content Security Policy (applies to: all)

Add CSP headers to prevent execution of inline scripts, for example Content-Security-Policy: script-src 'self'. The header must be sent on the response that serves the uploaded image itself (or the image must be served from a separate origin, or with Content-Disposition: attachment), because a script inside an SVG opened directly as a document runs under the policy of that response, not of the page that links to it.
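The upload check from Workaround 1 and the response headers from Workaround 2, as an added example that is not Classroomio's own code: the validator rejects SVG by extension, declared type and sniffed content, and only accepts raster formats whose magic bytes match the declared type. Sample uploads are constructed here; function and header names are assumptions.

```python
from typing import Dict, Tuple

# Magic bytes for the raster formats a profile picture may use (assumed allow-list).
RASTER_MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
# Leading markers that identify SVG/XML/HTML documents rather than raster data.
MARKUP_MARKERS = (b"<svg", b"<?xml", b"<!doctype")

def looks_like_markup(data: bytes) -> bool:
    """True if the leading bytes look like SVG/XML markup (BOM and whitespace ignored)."""
    head = data[:2048].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    return head.startswith(MARKUP_MARKERS) or b"<svg" in head

def validate_profile_picture(filename: str, content_type: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for an uploaded profile picture."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ctype = content_type.split(";")[0].strip().lower()
    if ext == "svg" or ctype == "image/svg+xml":
        return False, "svg rejected by extension or content type"
    if looks_like_markup(data):
        # Catches an SVG renamed to .png/.jpg with a matching Content-Type header.
        return False, "svg rejected by content sniffing"
    magics = RASTER_MAGIC.get(ctype)
    if magics is None:
        return False, f"unsupported type {ctype}"
    if not data.startswith(magics):
        return False, "magic bytes do not match declared type"
    return True, "ok"

def image_response_headers(content_type: str) -> Dict[str, str]:
    """Headers for serving a stored picture: the CSP is on the image response itself,
    so even markup that slipped past validation cannot run script when opened directly."""
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; script-src 'none'",
    }

# Constructed sample uploads (not taken from the advisory).
SAMPLES = {
    "ok_png": ("avatar.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    "svg_ext": ("avatar.svg", "image/svg+xml", b"<svg xmlns='http://www.w3.org/2000/svg'/>"),
    "svg_renamed": ("avatar.png", "image/png", b"<?xml version='1.0'?><svg/>"),
    "lying_type": ("avatar.jpg", "image/jpeg", b"\x89PNG\r\n\x1a\n"),
}
```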

🧯 If You Can't Patch

  • Restrict profile picture uploads to trusted users only
  • Implement WAF rules to block malicious SVG content

🔍 How to Verify

Check if Vulnerable:

Check whether the Classroomio LMS version is 0.1.13. Attempt to upload an SVG file containing a JavaScript payload as a profile picture.

Check Version:

Check application version in admin panel or configuration files.

Verify Fix Applied:

Verify that SVG uploads are blocked or properly sanitized. Test with malicious SVG payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SVG file uploads
  • Multiple failed upload attempts with SVG files
  • User accounts uploading unusually large profile pictures

Network Indicators:

  • HTTP requests with SVG files containing script tags
  • Unusual outbound connections from user browsers after viewing profiles

SIEM Query:

source="web_logs" AND (file_extension="svg" OR content_type="image/svg+xml") AND (url_contains="profile" OR url_contains="upload")
