CVE-2025-14896 in krokiinformação

Sumário

de MITRE • 18/12/2025

due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitive information.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Snyk

Reservar

18/12/2025

Divulgação

18/12/2025

Moderação

aceite

Entrada

VDB-337421

CPE

pronto

CWE

CWE-552 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00042

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-14896
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-14896
CVE Details	https://www.cvedetails.com/cve/CVE-2025-14896/

◂ Voltar Visão Geral Próximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!