CVE-2025-65790

Description

A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser executes the attacker-controlled JavaScript.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-22 | Updated 2025-12-22 | Assigner mitre

References

fuguhub.com/

github.com/...x/FuguHub-8.1-Reflected-SVG-XSS-CVE-2025-65790

cve.org (CVE-2025-65790)

nvd.nist.gov (CVE-2025-65790)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.