Platform: php
Component: image-compressor-tool
Fixed in: 1.0.1
CVE-2025-1169 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Image Compressor Tool versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. The vulnerability resides in the processing of the 'image' parameter within the /image-compressor/compressor.php file. A patch is available in version 1.0.1.
Successful exploitation of CVE-2025-1169 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including stealing session cookies, redirecting users to phishing sites, or defacing the application. The impact is particularly severe if the application handles sensitive user data or is integrated with other systems. An attacker could leverage this to gain unauthorized access to user accounts or perform actions on their behalf. The vulnerability's remote accessibility significantly broadens the potential attack surface.
This vulnerability has been publicly disclosed. No KEV listing or EPSS score is currently available. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and public disclosure. Refer to the vendor advisory for further details.
Exploit Status
EPSS: 0.35% (58th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-1169 is to upgrade to version 1.0.1 of SourceCodester Image Compressor Tool. If immediate upgrading is not possible, consider implementing input validation and sanitization on the 'image' parameter in /image-compressor/compressor.php to prevent the injection of malicious scripts. While a Web Application Firewall (WAF) might offer some protection, it's not a substitute for patching. Review and update any existing security policies to reflect this vulnerability and its potential impact.
Update to a patched version of the software. If no version is available, filter the input of the 'image' parameter in the compressor.php file to prevent XSS code execution. Consider disabling the functionality until a fix is released.
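The following PHP snippet is an added illustration of the interim mitigation described above, not code from SourceCodester Image Compressor Tool: the page does not show the affected logic in compressor.php, so the assumption here is that the 'image' parameter is reflected back into an HTML response. The function names (validateImageName, h, renderUnsafe, renderSafe) and the sample input are constructed for this example.

```php
<?php
// Added example; not the project's own code. Assumption: compressor.php echoes
// the 'image' parameter (e.g. an uploaded file's name) into an HTML page.
declare(strict_types=1);

/**
 * Validate the 'image' value: accept only a plain image filename.
 * Returns null for anything that is not a safe filename.
 */
function validateImageName(string $raw): ?string
{
    // Drop any directory component so path-like values are reduced to a name.
    $name = basename($raw);
    // Allow only letters, digits, dot, dash, underscore and an image extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,100}\.(png|jpe?g|gif|webp)\z/i', $name)) {
        return null;
    }
    return $name;
}

/**
 * Encode a string for safe insertion into an HTML text node or attribute value.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern (do not use): the parameter is written into HTML unencoded,
// so any markup it contains is interpreted by the visitor's browser.
function renderUnsafe(string $image): string
{
    return "<p>Compressed: $image</p>";
}

// Hardened pattern: validate first, then encode on output. Both steps are
// applied independently so a weakness in one does not undo the other.
function renderSafe(string $image): string
{
    $name = validateImageName($image);
    if ($name === null) {
        http_response_code(400);
        return '<p>Invalid image name.</p>';
    }
    return '<p>Compressed: ' . h($name) . '</p>';
}

// Constructed input for the demonstration; in a real handler the value would
// come from $_POST['image'] or $_FILES['image']['name'].
$input = $_POST['image'] ?? '<b>photo</b>.png';
echo renderUnsafe($input), "\n"; // markup passes through unchanged
echo renderSafe($input), "\n";   // rejected with HTTP 400, since '<' and '>' fail validation
```

Output encoding with htmlspecialchars is what actually prevents script injection; the filename whitelist is defence in depth that also rejects values the compressor has no reason to accept. If the value is later placed in a JavaScript string, a URL or a CSS context rather than HTML text, a context-specific encoder is required instead of htmlspecialchars.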
CVE-2025-1169 is a cross-site scripting (XSS) vulnerability in SourceCodester Image Compressor Tool versions 1.0–1.0, allowing attackers to inject malicious scripts via the 'image' parameter in /image-compressor/compressor.php.
You are affected if you are using SourceCodester Image Compressor Tool version 1.0 or 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1 of SourceCodester Image Compressor Tool. If upgrading is not immediately possible, implement input validation and sanitization on the 'image' parameter.
While no confirmed active exploitation is currently reported, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
Refer to the SourceCodester website or relevant security mailing lists for the official advisory regarding CVE-2025-1169.