cvedb.io
CVE-2025-1781
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-03-28T14:15:19.687 · Last modified 2026-06-17T08:39:45.777

Summary

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).  This could be exploited to read arbitrary local files if an attacker has access to exception messages.

Affected products

w3 — css_validator

Does this affect you?

Add your gear to cvedb and we'll alert you only when w3 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.