CVE-2025-22872

EUVD-2025-11453
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When Tokenizer is used directly, such tags can be incorrectly marked as self-closing. When the Parse functions are used, content following such tags can be placed in the wrong scope during DOM construction, but only when the tags are in foreign content (e.g. <math>, <svg>, etc. contexts).
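An added example, not code from this advisory or from the affected project: a standard-library-only Go check that flags the input shape described above, a start tag whose final "/" belongs to an unquoted attribute value and so is not a self-closing marker under the HTML tokenizer rules. The helper name and the sample tags are constructed for illustration, and the input is assumed to be the raw text of exactly one start tag.

```go
package main

import (
	"fmt"
	"strings"
)

const ws = " \t\n\f\r" // HTML whitespace

// SolidusInUnquotedValue (hypothetical helper) takes the raw text of one start tag
// and reports whether its final "/" ends an unquoted attribute value.
func SolidusInUnquotedValue(tag string) bool {
	if len(tag) < 3 || tag[0] != '<' || tag[len(tag)-1] != '>' {
		return false
	}
	s, i := tag[1:len(tag)-1], 0
	skip := func(set string, in bool) { // advance while (s[i] is in set) == in
		for i < len(s) && (strings.IndexByte(set, s[i]) >= 0) == in {
			i++
		}
	}
	skip(ws+"/", false) // tag name
	for skip(ws+"/", true); i < len(s); skip(ws+"/", true) { // separators, incl. a real "/"
		i++                  // first byte of the attribute name
		skip(ws+"/=", false) // rest of the name
		skip(ws, true)
		if i == len(s) || s[i] != '=' {
			continue // attribute without a value
		}
		i++
		skip(ws, true)
		if i < len(s) && (s[i] == '"' || s[i] == '\'') {
			end := strings.IndexByte(s[i+1:], s[i])
			if end < 0 {
				return false // unterminated quote: not one complete tag
			}
			i += end + 2 // move past the closing quote
			continue
		}
		skip(ws, false) // unquoted value: runs to whitespace or the end of the tag
		if i == len(s) {
			return s[i-1] == '/'
		}
	}
	return false
}

func main() { // constructed sample tags
	fmt.Println(SolidusInUnquotedValue(`<path d=M0,0/>`), SolidusInUnquotedValue(`<path d="M0,0"/>`))
}
```

A tag flagged by this check should be handled as a normal, non-self-closing start tag whose attribute value ends in "/".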
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score Percentile: 4%
openSUSE / SLES Releases
| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| apptainer | suse enterprise server 15 SP6 | 1.4.5-150600.4.12.1 | fixed |
| apptainer-sle15_6 | suse enterprise server 15 SP6 | 1.4.5-150600.4.12.1 | fixed |
| golang-github-prometheus-node_exporter | suse enterprise server 12 SP5 | 1.9.1-1.36.2 | fixed |
| helm | suse enterprise sap 15 SP6 | 3.18.3-150000.1.50.1 | fixed |
| helm | suse enterprise sap 15 SP7 | 3.18.3-150000.1.50.1 | fixed |
| helm | suse enterprise server 15 SP4 | 3.18.3-150000.1.50.1 | fixed |
| helm | suse enterprise server 15 SP6 | 3.18.3-150000.1.50.1 | fixed |
| helm | suse enterprise server 15 SP7 | 3.18.3-150000.1.50.1 | fixed |
| helm-bash-completion | suse enterprise sap 15 SP6 | 3.18.3-150000.1.50.1 | fixed |
| helm-bash-completion | suse enterprise sap 15 SP7 | 3.18.3-150000.1.50.1 | fixed |
| helm-bash-completion | suse enterprise server 15 SP4 | 3.18.3-150000.1.50.1 | fixed |
| helm-bash-completion | suse enterprise server 15 SP6 | 3.18.3-150000.1.50.1 | fixed |
| helm-bash-completion | suse enterprise server 15 SP7 | 3.18.3-150000.1.50.1 | fixed |
| helm-zsh-completion | suse enterprise sap 15 SP6 | 3.18.3-150000.1.50.1 | fixed |
| helm-zsh-completion | suse enterprise sap 15 SP7 | 3.18.3-150000.1.50.1 | fixed |
| helm-zsh-completion | suse enterprise server 15 SP4 | 3.18.3-150000.1.50.1 | fixed |
| helm-zsh-completion | suse enterprise server 15 SP6 | 3.18.3-150000.1.50.1 | fixed |
| helm-zsh-completion | suse enterprise server 15 SP7 | 3.18.3-150000.1.50.1 | fixed |
| kubevirt-manifests | suse enterprise sap 15 SP6 | 1.4.1-150600.5.24.1 | fixed |
| kubevirt-manifests | suse enterprise sap 15 SP7 | 1.6.3-150700.3.13.1 | fixed |
| kubevirt-manifests | suse enterprise server 15 SP6 | 1.4.1-150600.5.24.1 | fixed |
| kubevirt-manifests | suse enterprise server 15 SP7 | 1.6.3-150700.3.13.1 | fixed |
| kubevirt-virtctl | suse enterprise sap 15 SP6 | 1.4.1-150600.5.24.1 | fixed |
| kubevirt-virtctl | suse enterprise sap 15 SP7 | 1.6.3-150700.3.13.1 | fixed |
| kubevirt-virtctl | suse enterprise server 15 SP6 | 1.4.1-150600.5.24.1 | fixed |
| kubevirt-virtctl | suse enterprise server 15 SP7 | 1.6.3-150700.3.13.1 | fixed |
| libsquashfuse0 | suse enterprise server 15 SP6 | 0.5.0-150600.3.2.1 | fixed |
| squashfuse | suse enterprise server 15 SP6 | 0.5.0-150600.3.2.1 | fixed |
| squashfuse-tools | suse enterprise server 15 SP6 | 0.5.0-150600.3.2.1 | fixed |