CVE-2025-46096
MEDIUM
solon 3.1.2 - Path Traversal and Cross-Site Scripting via solon-faas-luffy Component
Title source: llmDescription
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component.
References (2)
Core References
Third Party Advisory
https://gist.github.com/yaoyao-cool/1b7d80930fea88b6fd4839646cedc437
Exploit, Issue Tracking, Third Party Advisory
https://github.com/opensolon/solon/issues/357
Scores
CVSS v3
6.1
EPSS
0.0050
EPSS Percentile
39.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-79
Status
published
Products (2)
noear/solon
3.1.2
org.noear/solon-faas-luffy
3.1.2 - 3.2.0 (Maven)
Published
Jun 13, 2025
Tracked Since
Feb 18, 2026