CVE-2025-1781
MEDIUM WAF: High
CVSS 6.5
Published: 2025-03-28
CWE-611
There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| w3 | css_validator | up to 20250226 |
References
- github.com (Exploit, Vendor Advisory)