Platform: php
Component: easyimages2.0
Fixed in: 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7
CVE-2025-13415 describes a cross-site scripting (XSS) vulnerability discovered in icret EasyImages versions 2.8.0 through 2.8.6. This vulnerability allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. The affected component is the SVG Image Handler, specifically the /app/upload.php file. A fix is available in version 2.8.7.
The XSS vulnerability in icret EasyImages allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the website. Successful exploitation requires an attacker to control the 'File' argument within the /app/upload.php endpoint. The impact is amplified if the application handles sensitive user data or performs critical operations, as an attacker could leverage the injected script to gain unauthorized access or manipulate data. While the CVSS score is LOW, the potential for user compromise and website defacement remains a significant concern.
CVE-2025-13415 was publicly disclosed on 2025-11-19. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog. The LOW CVSS score suggests a relatively low probability of exploitation, but the ease of exploitation (remote manipulation of an argument) warrants attention.
Exploit Status
EPSS: 0.05% (15th percentile)
The primary mitigation for CVE-2025-13415 is to upgrade icret EasyImages to version 2.8.7 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing input validation and sanitization on the 'File' argument in /app/upload.php to prevent malicious script injection. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Review and restrict file upload permissions to prevent unauthorized file uploads. After upgrading, confirm the vulnerability is resolved by attempting to upload a file with a known malicious script payload and verifying that the script is not executed.
Update the EasyImages plugin to a version later than 2.8.6, if available, to fix the XSS vulnerability. If a patched version is not available, consider disabling or removing the plugin until an update is released. Review and validate SVG file inputs to prevent the injection of malicious code.
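As one concrete form of the "validate SVG file inputs" step above, here is an added example (not EasyImages' own code and not the 2.8.7 fix) of a gate an upload handler can call before storing an SVG; the function name svg_rejection_reasons, the blocked-element list and the sample inputs are this example's own choices, and it assumes PHP 8 with ext-dom.

```php
<?php
declare(strict_types=1);

// Parse an uploaded SVG and return the reasons it should be rejected.
// An empty array means it passed. Assumes PHP 8 (str_starts_with);
// external entity loading is off by default there, and LIBXML_NONET
// keeps the parser from fetching anything over the network.
function svg_rejection_reasons(string $svgBytes): array
{
    $dom = new DOMDocument();
    $prevErrs = libxml_use_internal_errors(true);
    $ok = $dom->loadXML($svgBytes, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prevErrs);
    $root = $dom->documentElement;
    if ($ok === false || $root === null || strtolower($root->localName) !== 'svg') {
        return ['not a well-formed SVG document'];
    }

    $reasons = [];
    $blockedElements = ['script', 'foreignobject', 'iframe', 'embed', 'object'];
    $xpath = new DOMXPath($dom);
    foreach ($xpath->query('//*') as $el) {            // every element, any namespace
        $name = strtolower($el->localName);
        if (in_array($name, $blockedElements, true)) {
            $reasons[] = "element <$name> is not allowed";
        }
        foreach ($el->attributes as $attr) {
            $aname = strtolower($attr->localName);      // xlink:href -> href
            // Strip whitespace/control bytes first: browsers ignore them
            // inside a URL scheme, so "java\tscript:" would still run.
            $value = strtolower(preg_replace('/[\x00-\x20]+/', '', $attr->value));
            if (str_starts_with($aname, 'on')) {
                $reasons[] = "event handler attribute $aname on <$name>";
            } elseif ($aname === 'href' && (str_starts_with($value, 'javascript:')
                      || str_starts_with($value, 'data:'))) {
                $reasons[] = "active URL scheme in href on <$name>";
            }
        }
    }
    return $reasons;
}

// Constructed sample inputs for demonstration, not real uploads.
$samples = [
    'clean'   => '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>',
    'script'  => '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
    'handler' => '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>',
];
foreach ($samples as $label => $svg) {
    $reasons = svg_rejection_reasons($svg);
    printf("%-8s %s\n", $label, $reasons ? 'REJECT: ' . implode('; ', $reasons) : 'accept');
}
```

Because this is a deny-list of known-dangerous constructs, pair it with serving uploaded SVGs from a separate origin or under a restrictive Content-Security-Policy so that a construct the list misses cannot run in the application's origin.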
CVE-2025-13415 is a cross-site scripting (XSS) vulnerability affecting icret EasyImages versions 2.8.0 through 2.8.6, allowing attackers to inject malicious scripts.
You are affected if your icret EasyImages installation is running version 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, or 2.8.6. Upgrade to 2.8.7 or later to resolve the issue.
Upgrade icret EasyImages to version 2.8.7 or later. As a temporary measure, implement input validation and sanitization on the 'File' parameter in /app/upload.php.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the icret EasyImages website or security advisories for the official advisory regarding CVE-2025-13415.