CVE-2025-48050 | THREATINT

Description

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script which starts a local web server if needed and must be manually started."

PUBLISHED Reserved 2025-05-15 | Published 2025-05-15 | Updated 2025-05-16 | Assigner mitre

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Problem types

CWE-24 Path Traversal: '../filedir'

Product status

Default status

unknown

Any version

affected

References

github.com/cure53/DOMPurify/pull/1101 exploit

github.com/...advisory/blob/main/cure53/DOMPurify/writeup.md

github.com/cure53/DOMPurify/pull/1101

github.com/...ommit/6bc6d60e49256f27a4022181b7d8a5b0721fd534

security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060

cve.org (CVE-2025-48050)

nvd.nist.gov (CVE-2025-48050)

Download JSON