to terminate the script and inject arbitrary JavaScript."}},{"@type":"Question","name":"Is CVE-2025-15265 being actively exploited?","acceptedAnswer":{"@type":"Answer","text":"It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 0%."}},{"@type":"Question","name":"What products does CVE-2025-15265 affect?","acceptedAnswer":{"@type":"Answer","text":"Tracked products affected include Svelte. Check the version you run to see whether it is affected."}},{"@type":"Question","name":"How do I fix CVE-2025-15265?","acceptedAnswer":{"@type":"Answer","text":"Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version."}}]},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://isitpatched.com/"},{"@type":"ListItem","position":2,"name":"Actively exploited","item":"https://isitpatched.com/exploited"},{"@type":"ListItem","position":3,"name":"CVE-2025-15265","item":"https://isitpatched.com/cve/CVE-2025-15265"}]}]
Synced 16 Jun 2026 15:24 UTC Account
← All products

CVE-2025-15265

MEDIUM severity · CVSS 6.1 · Cross-site scripting (XSS)
6.1CVSS MEDIUM

Summary

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This issue affects Svelte: from 5.46.0 before 5.46.3.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactLow
Integrity impactLow
Availability impactNone
Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products we track (1)

Svelte

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information