CVE-2025-13415 MEDIUM

CVE-2025-13415: icret EasyImages SVG Image upload.php cross site scripting

Vendor Icret
Product EasyImages
Weakness CWE-79 · XSS
Published November 19, 2025
Last update November 20, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.

Key dates

02Disclosure timeline

November 19, 2025 CVE published
November 20, 2025 Record updated