Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

W3C

Source -

CNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2025-1781
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.78%
||
7 Day CHG-0.01%
Published-28 Mar, 2025 | 13:48
Updated-01 Aug, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).  This could be exploited to read arbitrary local files if an attacker has access to exception messages.

Action-Not Available
Vendor-w3W3C
Product-css_validatorCSS Validator
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference