How severe is CVE-2025-46655?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2025-46655?

This is classified as CWE-424, which is a common weakness in software security.

CVE-2025-46655 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.

Related Vulnerabilities

CVE-2025-46654

MEDIUM

CVSS:4.9(Medium)

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

CWE-4242025

CVE-2022-24932

MEDIUM

CVSS:4.6(Medium)

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.

CWE-4242022

CVE-2022-28782

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point ...

CWE-4242022

CVE-2021-3793

MEDIUM

CVSS:5.3(Medium)

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access adminis...

CWE-4242021

CVE-2024-8311

MEDIUM

CVSS:6.5(Medium)

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwri...

CWE-4242024

CVE-2022-1742

MEDIUM

CVSS:6.8(Medium)

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this...

CWE-4242022