Vulnerability DatabaseCVE-2025-45893

CVE-2025-45893:
OpenCart vulnerability analysis and mitigation

Overview

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability was discovered on July 25, 2025, and affects the media manager functionality where SVG files are not properly sanitized (NVD).

Technical details

The vulnerability arises from improper sanitization of SVG files uploaded through the media manager in OpenCart's blog post feature. The CVSS v3.1 base score is 6.1 (Medium), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (AttackerKB).

Impact

The successful exploitation of this vulnerability could allow attackers to execute arbitrary web scripts or HTML through crafted SVG files. This could lead to unauthorized access to sensitive information and potential manipulation of web content, affecting both confidentiality and integrity of the system with low impact (NVD).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6.1

Score

Published July 25, 2025

Severity MEDIUM

CNA Score 6.1

Affected Technologies

OpenCart

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 6.2

Exploitation Probability (EPSS) N/A

Affected packages and libraries

cpe:2.3:a:opencart:opencart

Sources

VulnCheck NVD++
- Linux Severity MEDIUMNo FixAdded at: Aug 07, 2025
- Windows Severity MEDIUMNo FixAdded at: Aug 07, 2025
NVD
- Linux Severity MEDIUMNo FixAdded at: Aug 08, 2025
- Windows Severity MEDIUMNo FixAdded at: Aug 08, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related OpenCart vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-15116	MEDIUM	6.3	OpenCart	cpe:2.3:a:opencart:opencart	No	No	Dec 28, 2025
CVE-2025-45893	MEDIUM	6.1	OpenCart	cpe:2.3:a:opencart:opencart	No	No	Jul 25, 2025
CVE-2025-45892	MEDIUM	6.1	OpenCart	cpe:2.3:a:opencart:opencart	No	No	Jul 25, 2025
CVE-2025-1749	MEDIUM	4.7	OpenCart	cpe:2.3:a:opencart:opencart	No	Yes	Feb 28, 2025
CVE-2025-1748	MEDIUM	4.7	OpenCart	cpe:2.3:a:opencart:opencart	No	Yes	Feb 28, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-45893: OpenCart vulnerability analysis and mitigation