CVE-2025-10348

Vulnerability Description

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication. This issue was fixed in version 1.1.24.

Related Weaknesses (CWE)

CWE-79

References

https://cert.pl/posts/2025/10/CVE-2025-10348
https://smartoffice.expert/

FAQ

What is CVE-2025-10348?

CVE-2025-10348 is a documented vulnerability. URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed w...

How severe is CVE-2025-10348?

CVSS scoring is not yet available for CVE-2025-10348. Check NVD for updates.

Is there a patch for CVE-2025-10348?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.