CVE-2025-66412 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-66412 PUBLISHED CVSS 8.5 HIGH

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

EPSS 0.04% · 11.5th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.04%

11.5th percentile

Affected Products

Vendor	Product	Versions
angular	compiler	21.0.0-next.0, 20.0.0-next.0, 19.0.0-next.0
angular	angular	0, 19.0.0, >= 21.0.0-next.0 < 21.0.2

Timeline

Nov 28, 2025 CVE ID Reserved
Dec 1, 2025 CVE Published
Dec 2, 2025 EPSS Score
Dec 2, 2025 PoC Published
Dec 2, 2025 CVE Updated
Dec 3, 2025 PoC Published
Dec 3, 2025 PoC Published
Dec 4, 2025 PoC Published
Dec 6, 2025 EPSS Score
Dec 10, 2025 EPSS Score
Dec 14, 2025 EPSS Score
Dec 18, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7261959 advisory
https://www.ibm.com/support/pages/node/7261794 advisory
https://www.ibm.com/support/pages/node/7261890 advisory
https://www.ibm.com/support/pages/node/7261887 advisory
https://www.ibm.com/support/pages/node/7261935 advisory
https://www.ibm.com/support/pages/node/7261436 advisory
https://www.ibm.com/support/pages/node/7261774 advisory
https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49 url
https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a url
https://nvd.nist.gov/vuln/detail/CVE-2025-66412 advisory
https://github.com/angular/angular package
https://www.ibm.com/support/pages/node/7270805 advisory
https://www.ibm.com/support/pages/node/7270827 advisory
https://www.ibm.com/support/pages/node/7270869 advisory
https://www.ibm.com/support/pages/node/7270820 advisory
https://www.ibm.com/support/pages/node/7270845 advisory
https://www.ibm.com/support/pages/node/7270868 advisory
https://www.ibm.com/support/pages/node/7270775 advisory
https://www.ibm.com/support/pages/node/7270692 advisory

Open in Interactive Console →