Medium severity5.4NVD Advisory· Published Sep 15, 2025· Updated Apr 15, 2026

CVE-2025-45091

Description

Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload in notification and activities.

Affected products

Haiwen/Seafileinferred
Range: =11.0.18-Pro, =12.0.10, =12.0.10-Pro
Seafile/Seafile Serverllm-fuzzy
Range: 11.0.18-Pro, 12.0.10, 12.0.10-Pro

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plus.seafile.com/wiki/publish/seafile-wiki/txzO/nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000