CVE-2025-46655 Information

Description

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.

Reference

https://github.com/hackmdio/codimd/issues/1910
https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md
