Description

The vulnerability stems from improper sanitization of LLM outputs. Malicious content may be rendered or executed if the response is not adequately handled.

Remediation

Enhance output sanitization and validation. Ensure that all responses from the LLM are properly processed and any untrusted content is safely handled.

References

OWASP Top 10 for LLM Applications 2025

Related Vulnerabilities

LLM Command Injection

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-35475)

XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663)

Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808)

Severity

High

Classification

CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

Tags

Llm Llm Insecure Output Handling