CVE-2025-66412 HIGH

Published: 2025-12-01 | Last Modified: 2026-06-02 | Status: Modified

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.

CVSS Metrics

Base Score: 5.4 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	REQUIRED
Scope	CHANGED
Confidentiality Impact	LOW
Integrity Impact	LOW
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.3

Impact Score: 2.7

Base Score: 8.5 (HIGH)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	NETWORK
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	LOW
User Interaction	ACTIVE
Vulnerability Confidentiality	HIGH
Vulnerability Integrity	HIGH
Vulnerability Availability	HIGH
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-79

Affected Products

Vendor	Product	Version	Update	Type
angular	angular	*	<built-in method update of dict object at 0x7f76027f7000>	Application
angular	angular	*	<built-in method update of dict object at 0x7f76027f6580>	Application
angular	angular	*	<built-in method update of dict object at 0x7f76027f7400>	Application
angular	angular	*	<built-in method update of dict object at 0x7f76394ce580>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:angular:angular::::::node.js::*`
Yes	`cpe:2.3:a:angular:angular::::::node.js::*`
Yes	`cpe:2.3:a:angular:angular::::::node.js::*`
Yes	`cpe:2.3:a:angular:angular::::::node.js::*`

References

https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a
Source: [email protected]

Patch
https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
Source: [email protected]

Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
https://cert-portal.siemens.com/productcert/html/ssa-485750.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e