Critical severity9.8NVD Advisory· Published Mar 10, 2025· Updated Jun 17, 2026
CVE-2025-25977
CVE-2025-25977
Description
An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
canvgnpm | >= 4.0.0, < 4.0.3 | 4.0.3 |
canvgnpm | < 3.0.11 | 3.0.11 |
Affected products
49- canvg/canvgdescription
- osv-coords48 versionspkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:npm/canvg
< 2.19.1-r2+ 47 more
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: < 2.19.1-r2
- (no CPE)range: >= 4.0.0, < 4.0.3
Patches
Vulnerability mechanics
References
5- github.com/canvg/canvg/issues/1749nvdExploitIssue TrackingWEB
- github.com/advisories/GHSA-v2mw-5mch-w8c5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-25977ghsaADVISORY
- github.com/canvg/canvg/blob/937668eced93e0335c67a255d0d2277ea708b2cb/src/Document/StyleElement.tsghsaWEB
- github.com/canvg/canvg/commit/c3743e6345f3e01aefdcdd412c3f26494f4b5d7dghsaWEB
News mentions
0No linked articles in our index yet.