Description

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

Remediation

References

CVE-2025-26525

Related Vulnerabilities

WordPress Plugin Simple visitor stat Cross-Site Scripting (1.0)

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1595)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2005-4349)

Oracle JRE CVE-2019-2975 Vulnerability (CVE-2019-2975)

Internet Information Services Other Vulnerability (CVE-2002-0150)

Severity

High

Classification

CVE-2025-26525 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities