VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-fad6-cdj9-ekb1

Essentials
Severities (21)
References (9)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-fad6-cdj9-ekb1
Aliases	CVE-2025-61457 GHSA-9778-v769-qvjf
Summary	code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0003	https://api.first.org/data/v1/epss?cve=CVE-2025-61457
epss	0.0003	https://api.first.org/data/v1/epss?cve=CVE-2025-61457
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-9778-v769-qvjf
cvssv3.1	6.1	https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457
generic_textual	MODERATE	https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457
ssvc	Track	https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457
cvssv3.1	6.1	https://github.com/code16/sharp
generic_textual	MODERATE	https://github.com/code16/sharp
cvssv3.1	6.1	https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97
generic_textual	MODERATE	https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97
ssvc	Track	https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97
cvssv3.1	6.1	https://github.com/code16/sharp/commit/bf7fedf2086d86aac16194733a6385564e5cf124
generic_textual	MODERATE	https://github.com/code16/sharp/commit/bf7fedf2086d86aac16194733a6385564e5cf124
cvssv3.1	6.1	https://github.com/code16/sharp/issues/611
generic_textual	MODERATE	https://github.com/code16/sharp/issues/611
ssvc	Track	https://github.com/code16/sharp/issues/611
cvssv3.1	6.1	https://github.com/code16/sharp/releases/tag/v9.7.0
generic_textual	MODERATE	https://github.com/code16/sharp/releases/tag/v9.7.0
ssvc	Track	https://github.com/code16/sharp/releases/tag/v9.7.0
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2025-61457
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-61457

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-61457
		https://github.com/code16/sharp
		https://github.com/code16/sharp/commit/bf7fedf2086d86aac16194733a6385564e5cf124
611		https://github.com/code16/sharp/issues/611
CVE-2025-61457		https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457
CVE-2025-61457		https://nvd.nist.gov/vuln/detail/CVE-2025-61457
GHSA-9778-v769-qvjf		https://github.com/advisories/GHSA-9778-v769-qvjf
SharpFormUploadField.php#L97		https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97
v9.7.0		https://github.com/code16/sharp/releases/tag/v9.7.0

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T20:29:37Z/ Found at https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-61457

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/code16/sharp

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T20:29:37Z/ Found at https://github.com/code16/sharp/blob/6d106b05aa07c6b46f5de28f909b732e1bbcdc47/src/Form/Fields/SharpFormUploadField.php#L97

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/code16/sharp/commit/bf7fedf2086d86aac16194733a6385564e5cf124

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/code16/sharp/issues/611

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T20:29:37Z/ Found at https://github.com/code16/sharp/issues/611

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/code16/sharp/releases/tag/v9.7.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T20:29:37Z/ Found at https://github.com/code16/sharp/releases/tag/v9.7.0

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-61457

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.09223
EPSS Score	0.0003
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:19:04.139181+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/61xxx/CVE-2025-61457.json	38.6.0