CVE-2025-26260 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-26260 at MITRE

Description

Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

openSUSE-SU-2025:14893-1, published Sun Mar 16 18:51:13 2025

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`govulncheck-vulndb >= 0.0.20250313T170021-1.1`	Patchnames: openSUSE-Tumbleweed-2025-14893

SUSE Timeline for this CVE

CVE page created: Wed Mar 12 18:00:25 2025
CVE page last modified: Sun Mar 16 20:09:32 2025