Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Dec 4, 2025

Multiple vulnerabilities in Seafile

CVE-2025-41079

Description

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.

Affected products

Seafile/Seafile Serverllm-fuzzy
Range: =12.0.10
Seafile/Seafilev5
Range: 12.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-seafilemitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000