Vulnerability Description
eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who opens the SVG URL or any page embedding it could have their session hijacked, data exfiltrated, or actions performed on their behalf. This vulnerability is fixed in 5.3.0.
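The root cause above is that a user-controlled SVG was delivered inline on the application's own origin, so any script inside it ran with that origin's cookies and DOM. The following is an added example, not eLabFTW's code and not the fix in the referenced commit; the function names (`download_headers`, `is_svg`, `has_active_content`), the raster allowlist and the two sample SVG strings are all constructed for illustration. It shows the two controls a defender would put around untrusted uploads: response headers that prevent inline rendering (the control that actually closes this bug class), and an upload-time scan for script-capable markup as defence in depth.

```python
"""Defensive handling of uploaded SVG, as an added example (not eLabFTW code).

Two independent controls:
  1. download_headers(): response headers that stop an uploaded SVG from
     rendering inline under the application origin. This is the control
     that closes the stored-XSS path the advisory describes.
  2. has_active_content(): a conservative lexical scan that flags SVG
     source containing script-capable markup, for rejecting or
     quarantining files at upload time. Lexical checks can be evaded,
     so this is defence in depth only, never a substitute for 1.
"""
import re
from typing import Dict

# Raster formats a browser can render inline without running script.
SAFE_INLINE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}

# Markup that lets an SVG execute script or pull in active content.
_ACTIVE_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),                            # <script>
    re.compile(r"\bon[a-z]+\s*=", re.I),                          # onload=, onclick=, ...
    re.compile(r"<\s*foreignObject\b", re.I),                     # embeds arbitrary HTML
    re.compile(r"(?:href|src)\s*=\s*['\"]?\s*javascript:", re.I),  # javascript: URLs
    re.compile(r"<\s*(?:iframe|embed|object)\b", re.I),           # nested documents
]


def has_active_content(svg_text: str) -> bool:
    """True if the SVG source contains markup capable of running script."""
    return any(p.search(svg_text) for p in _ACTIVE_PATTERNS)


def is_svg(filename: str, declared_type: str, head: bytes) -> bool:
    """Treat an upload as SVG if ANY signal says so: the extension, the
    client-declared MIME type, or the first bytes of the content.
    Checking content defeats renaming evil.svg to evil.png."""
    name = filename.lower()
    mime = declared_type.lower().split(";")[0].strip()
    return (
        name.endswith((".svg", ".svgz"))
        or mime == "image/svg+xml"
        or b"<svg" in head[:1024].lower()
    )


def download_headers(filename: str, declared_type: str, head: bytes) -> Dict[str, str]:
    """Response headers for serving an uploaded file back to a browser.

    SVG (and anything outside the raster allowlist) is forced to download
    with an opaque content type. If a client still renders it, the CSP
    'sandbox' directive places it on a unique origin with scripts disabled,
    so it cannot read the application's cookies, storage or DOM.
    """
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    headers = {"X-Content-Type-Options": "nosniff"}  # never MIME-sniff uploads
    mime = declared_type.lower().split(";")[0].strip()
    if not is_svg(filename, declared_type, head) and mime in SAFE_INLINE_TYPES:
        headers["Content-Type"] = mime
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
        headers["Content-Security-Policy"] = "sandbox"
    return headers


# Constructed samples for the self-check; not real uploads.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><script>void 0</script></svg>'

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(f"{label}: active content = {has_active_content(src)}")
    print(download_headers("diagram.svg", "image/svg+xml", BENIGN_SVG.encode()))
    # Renamed to .png with a PNG MIME type, but the bytes are still SVG:
    print(download_headers("diagram.png", "image/png", ACTIVE_SVG.encode()))
```

The header policy is deliberately allowlist-based: only known raster types are served inline, and everything else (SVG, unknown types, renamed files) is downloaded. Serving SVG from a separate, cookieless origin is an equally valid alternative to the attachment approach; what matters is that user content never executes under the origin that holds the session.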
CVSS Score
6.8 (MEDIUM)
Related Weaknesses (CWE)
References
- https://github.com/elabftw/elabftw/commit/09b95e38f82f041edac0dd6962c70499e2d8d8
- https://github.com/elabftw/elabftw/security/advisories/GHSA-rq98-8jh9-684f
FAQ
What is CVE-2025-62793?
CVE-2025-62793 is a vulnerability with a CVSS score of 6.8 (MEDIUM). eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that ...
How severe is CVE-2025-62793?
CVE-2025-62793 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-62793?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.