Vulnerability Description
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.
CVSS Score
4.1 (MEDIUM)
References
- https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a0
- https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f0
- https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1
- https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq
FAQ
What is CVE-2025-32019?
CVE-2025-32019 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability ...
How severe is CVE-2025-32019?
CVE-2025-32019 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-32019?
Yes. The issue is fixed in Harbor versions 2.11.3 and 2.12.3. See the references section above for the vendor advisory and the fix commits.