Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47778

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.

Published

2025-05-14T16:15:29.110

Last Modified

2025-05-16T14:43:56.797

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-611

Affected Vendors & Products

References

https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php ([email protected])
https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544 ([email protected])
https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255 ([email protected])