CVE-2025-22872

EUVD-2025-11453
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apptainer
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
apptainer-sle15_6
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
containerized-data-importer-manifests
suse enterprise sap 15 SP7
1.64.0-150700.9.11.1
fixed
suse enterprise server 15 SP7
1.64.0-150700.9.11.1
fixed
golang-github-prometheus-node_exporter
suse enterprise server 12 SP5
1.9.1-1.36.2
fixed
helm
suse enterprise sap 15 SP6
3.18.3-150000.1.50.1
fixed
suse enterprise sap 15 SP7
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP4
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP6
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP7
3.18.3-150000.1.50.1
fixed
helm-bash-completion
suse enterprise sap 15 SP6
3.18.3-150000.1.50.1
fixed
suse enterprise sap 15 SP7
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP4
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP6
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP7
3.18.3-150000.1.50.1
fixed
helm-zsh-completion
suse enterprise sap 15 SP6
3.18.3-150000.1.50.1
fixed
suse enterprise sap 15 SP7
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP4
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP6
3.18.3-150000.1.50.1
fixed
suse enterprise server 15 SP7
3.18.3-150000.1.50.1
fixed
kubevirt-manifests
suse enterprise sap 15 SP6
1.4.1-150600.5.24.1
fixed
suse enterprise sap 15 SP7
1.6.3-150700.3.13.1
fixed
suse enterprise server 15 SP6
1.4.1-150600.5.24.1
fixed
suse enterprise server 15 SP7
1.6.3-150700.3.13.1
fixed
kubevirt-virtctl
suse enterprise sap 15 SP6
1.4.1-150600.5.24.1
fixed
suse enterprise sap 15 SP7
1.6.3-150700.3.13.1
fixed
suse enterprise server 15 SP6
1.4.1-150600.5.24.1
fixed
suse enterprise server 15 SP7
1.6.3-150700.3.13.1
fixed
libsquashfuse0
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse-tools
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
terraform-provider-aws
suse enterprise sap 15 SP4
3.11.0-150200.6.18.1
fixed
suse enterprise sap 15 SP5
3.11.0-150200.6.18.1
fixed
suse enterprise server 15 SP4
3.11.0-150200.6.18.1
fixed
suse enterprise server 15 SP5
3.11.0-150200.6.18.1
fixed
terraform-provider-azurerm
suse enterprise sap 15 SP4
2.32.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
2.32.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
2.32.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
2.32.0-150200.6.12.1
fixed
terraform-provider-external
suse enterprise sap 15 SP4
2.0.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.12.1
fixed
terraform-provider-google
suse enterprise sap 15 SP4
3.43.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
3.43.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
3.43.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
3.43.0-150200.6.12.1
fixed
terraform-provider-helm
suse enterprise sap 15 SP4
2.9.0-150200.6.23.1
fixed
suse enterprise sap 15 SP5
2.9.0-150200.6.23.1
fixed
suse enterprise server 15 SP4
2.9.0-150200.6.23.1
fixed
suse enterprise server 15 SP5
2.9.0-150200.6.23.1
fixed
terraform-provider-kubernetes
suse enterprise sap 15 SP4
1.13.2-150200.6.12.1
fixed
suse enterprise sap 15 SP5
1.13.2-150200.6.12.1
fixed
suse enterprise server 15 SP4
1.13.2-150200.6.12.1
fixed
suse enterprise server 15 SP5
1.13.2-150200.6.12.1
fixed
terraform-provider-local
suse enterprise sap 15 SP4
2.0.0-150200.6.17.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.17.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.17.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.17.1
fixed
terraform-provider-null
suse enterprise sap 15 SP4
3.0.0-150200.6.18.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.18.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.18.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.18.1
fixed
terraform-provider-random
suse enterprise sap 15 SP4
3.0.0-150200.6.15.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.15.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.15.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.15.1
fixed
terraform-provider-tls
suse enterprise sap 15 SP4
3.0.0-150200.5.15.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.5.15.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.5.15.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.5.15.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-cloudwatch-agent
Amazon Linux 2
0:1.300055.3-1.amzn2
fixed
Amazon Linux 2023
0:1.300055.3-1.amzn2023
fixed
amazon-ssm-agent
Amazon Linux 2
0:3.3.3050.0-1.amzn2
fixed
Amazon Linux 2023
0:3.3.3050.0-1.amzn2023
fixed
ecs-init
Amazon Linux 2023
0:1.94.0-1.amzn2023
fixed
nerdctl
Amazon Linux 2
0:2.0.5-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.0.5-1.amzn2023.0.1
fixed
nerdctl-debuginfo
Amazon Linux 2
0:2.0.5-1.amzn2.0.1
fixed
runfinch-finch
Amazon Linux 2023
0:1.8.1-1.amzn2023.0.1
fixed
soci-snapshotter
Amazon Linux 2023
0:0.9.0-1.amzn2023.0.3
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
cert-manager
Azure Linux 3.0
0:1.12.15-4.azl3
fixed
CBL-Mariner 2.0
0:1.11.2-23.cm2
fixed
cf-cli
Azure Linux 3.0
0:8.7.11-3.azl3
fixed
cni-plugins
Azure Linux 3.0
0:1.4.0-3.azl3
fixed
CBL-Mariner 2.0
0:1.3.0-8.cm2
fixed
containerd2
Azure Linux 3.0
0:2.0.0-9.azl3
fixed
containerized-data-importer
Azure Linux 3.0
0:1.57.0-14.azl3
fixed
cri-tools
Azure Linux 3.0
0:1.32.0-2.azl3
fixed
CBL-Mariner 2.0
0:1.29.0-8.cm2
fixed
dasel
Azure Linux 3.0
0:2.8.1-2.azl3
fixed
docker-buildx
Azure Linux 3.0
0:0.14.0-6.azl3
fixed
docker-compose
Azure Linux 3.0
0:2.27.0-5.azl3
fixed
gh
Azure Linux 3.0
0:2.62.0-8.azl3
fixed
helm
Azure Linux 3.0
0:3.15.2-3.azl3
fixed
CBL-Mariner 2.0
0:3.14.2-6.cm2
fixed
ig
Azure Linux 3.0
0:0.37.0-4.azl3
fixed
influxdb
Azure Linux 3.0
0:2.7.5-5.azl3
fixed
keda
Azure Linux 3.0
0:2.14.1-7.azl3
fixed
kube-vip-cloud-provider
Azure Linux 3.0
0:0.0.10-4.azl3
fixed
kubernetes
Azure Linux 3.0
0:1.30.10-7.azl3
fixed
CBL-Mariner 2.0
0:0.0.0.cm2
fixed
kubevirt
Azure Linux 3.0
0:1.2.0-17.azl3
fixed
CBL-Mariner 2.0
0:0.59.0-28.cm2
fixed
multus
Azure Linux 3.0
0:4.0.2-5.azl3
fixed
CBL-Mariner 2.0
0:4.0.2-8.cm2
fixed
nvidia-container-toolkit
Azure Linux 3.0
0:1.17.8-2.azl3
fixed
CBL-Mariner 2.0
0:1.17.8-3.cm2
fixed
packer
Azure Linux 3.0
0:1.9.5-9.azl3
fixed
CBL-Mariner 2.0
0:1.9.5-13.cm2
fixed
podman
Azure Linux 3.0
0:5.6.1-2.azl3
fixed
prometheus-adapter
Azure Linux 3.0
0:0.12.0-3.azl3
fixed
sriov-network-device-plugin
Azure Linux 3.0
0:3.7.0-4.azl3
fixed
CBL-Mariner 2.0
0:3.6.2-9.cm2
fixed
telegraf
Azure Linux 3.0
0:1.31.0-10.azl3
fixed
CBL-Mariner 2.0
0:1.29.4-16.cm2
fixed
vitess
CBL-Mariner 2.0
0:17.0.7-8.cm2
fixed