{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T05:22:02.785","vulnerabilities":[{"cve":{"id":"CVE-2025-0716","sourceIdentifier":"36c7be3b-2937-45df-85ea-ca7133ea542c","published":"2025-04-29T17:15:39.790","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"36c7be3b-2937-45df-85ea-ca7133ea542c","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status ."},{"lang":"es","value":"La limpieza incorrecta del valor de los atributos 'href' y 'xlink:href' en los elementos SVG '' de AngularJS permite a los atacantes eludir las restricciones comunes de las fuentes de imágenes. Esto puede provocar suplantación de contenido (https://owasp.org/www-community/attacks/Content_Spoofing) y afectar negativamente el rendimiento y el comportamiento de la aplicación al usar imágenes demasiado grandes o de carga lenta. Este problema afecta a todas las versiones de AngularJS. Nota: El proyecto AngularJS ha finalizado su ciclo de vida y no recibirá actualizaciones para solucionar este problema. Para más información, consulte aquí: https://docs.angularjs.org/misc/version-support-status."}],"metrics":{"cvssMetricV31":[{"source":"36c7be3b-2937-45df-85ea-ca7133ea542c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"36c7be3b-2937-45df-85ea-ca7133ea542c","type":"Secondary","description":[{"lang":"en","value":"CWE-791"}]}],"references":[{"url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915","source":"36c7be3b-2937-45df-85ea-ca7133ea542c"},{"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716","source":"36c7be3b-2937-45df-85ea-ca7133ea542c"},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}