Vulnerability Details CVE-2025-1781
There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.2%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-1781
-
cpe:2.3:a:w3:css_validator:*