Silverstripe vulnerabilities April 2025

emteknetnz · emteknetnz · commit 1ea1d5be222e · 2025-04-10T18:59:29.000+12:00
diff --git a/dnadesign/silverstripe-elemental/CVE-2025-25197.yaml b/dnadesign/silverstripe-elemental/CVE-2025-25197.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2025-25197 - XSS attack in elemental \"Content blocks in use\" report"
+link:      https://www.silverstripe.org/download/security-releases/cve-2025-25197
+cve:       CVE-2025-25197
+branches:
+    5.3.x:
+        time:     2025-10-04 02:37:11
+        versions: ['<5.3.12']
+reference: composer://dnadesign/silverstripe-elemental
diff --git a/silverstripe/framework/CVE-2025-30148.yaml b/silverstripe/framework/CVE-2025-30148.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2025-30148 - XSS vulnerability in HTML editor"
+link:      https://www.silverstripe.org/download/security-releases/cve-2025-30148
+cve:       CVE-2025-30148
+branches:
+    5.3.x:
+        time:     2025-10-04 02:37:11
+        versions: ['<5.3.23']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2025-001.yaml b/silverstripe/framework/SS-2025-001.yaml
@@ -0,0 +1,8 @@
+title:     "SS-2025-001 - User enumeration via timing attack"
+link:      https://www.silverstripe.org/download/security-releases/ss-2025-001
+cve:       ~
+branches:
+    5.3.x:
+        time:     2025-10-04 02:37:11
+        versions: ['<5.3.23']
+reference: composer://silverstripe/framework
