CVE-2025-65516: n/a
A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the link triggers script execution in the victim's browser. This issue has been fixed in Seafile Community Edition 13.0.12.
AI Analysis
Technical Summary
CVE-2025-65516 is a stored cross-site scripting (XSS) vulnerability identified in Seafile Community Edition prior to version 13.0.12, specifically when the system is configured to use the Golang file server. The vulnerability arises because the application insufficiently sanitizes SVG files uploaded by users. An attacker can craft an SVG file embedding malicious JavaScript code and upload it to the Seafile server. By sharing the file via a public link, the attacker can entice victims to open the link, which triggers the execution of the embedded script in the victim's browser context. This stored XSS attack can lead to the theft of session tokens, user impersonation, or manipulation of the web interface, thereby compromising user confidentiality and integrity. The vulnerability does not affect availability and does not require any authentication to exploit, but it does require the victim to interact by clicking the malicious link. The CVSS 3.1 base score is 6.1 (medium severity), with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity. The issue has been addressed in Seafile Community Edition 13.0.12 by properly sanitizing SVG content and preventing script execution. No known exploits have been reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of user data and sessions. Organizations using vulnerable versions of Seafile with the Golang file server and allowing public sharing of files are at risk of targeted phishing or social engineering attacks leveraging malicious SVG files. Successful exploitation could lead to session hijacking, unauthorized actions on behalf of users, or disclosure of sensitive information accessible via the victim's browser session. While availability is not directly impacted, the reputational damage and potential data leakage could be significant, especially for organizations handling sensitive or regulated data under GDPR. The requirement for user interaction limits mass exploitation but targeted attacks against employees or partners remain feasible. The vulnerability could be exploited in environments where SVG files are commonly shared or where users are less cautious about opening public links. European organizations with collaborative workflows involving Seafile should consider this a priority vulnerability to patch to maintain compliance and security posture.
Mitigation Recommendations
1. Immediately upgrade Seafile Community Edition to version 13.0.12 or later, which contains the fix for this vulnerability.
2. Until patching is complete, restrict or disable public sharing of SVG files via the Golang file server to prevent malicious uploads.
3. Implement content filtering or scanning on uploaded SVG files to detect and block files containing embedded scripts or suspicious elements.
4. Educate users about the risks of opening public links, especially those containing SVG files, and encourage verification of link sources.
5. Monitor web server and application logs for unusual file uploads or access patterns indicative of exploitation attempts.
6. Employ Content Security Policy (CSP) headers to restrict script execution from untrusted sources, mitigating impact if exploitation occurs.
7. Review and harden browser security settings and consider browser extensions that block or warn about suspicious scripts in SVG files.
8. Conduct regular security assessments and penetration testing focused on file upload and sharing functionalities to detect similar vulnerabilities.
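As an added example that is not Seafile's code, this is the kind of upload-side screen recommendation 3 calls for, written in Go because the affected component is the Golang file server. It flags the SVG constructs that execute script when a share link is opened directly in a browser; the two SVG samples are constructed for the demo, and the element and attribute list is an assumption about what such a filter should catch, not a description of the fix shipped in 13.0.12.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed samples: a clean icon, and one carrying the three usual script carriers.
const cleanSVG = `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>`
const hostileSVG = `<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<script>/* runs when the public link is opened directly */</script><rect width="9" height="9" onload="/* same */"/>
<a xlink:href=" java&#10;script:void(0)"><text>click</text></a></svg>`

// ScanSVG walks every XML token of an uploaded SVG and returns one reason per construct
// that can run script in a viewer's browser. Nesting in <defs>/<g> hides nothing.
func ScanSVG(doc string) []string {
	var findings []string
	dec := xml.NewDecoder(strings.NewReader(doc))
	dec.Strict = false // inspect sloppy markup too; browsers render it anyway
	for tok, err := dec.Token(); err == nil; tok, err = dec.Token() {
		se, ok := tok.(xml.StartElement)
		if !ok {
			continue
		}
		el := strings.ToLower(se.Name.Local)
		if el == "script" || el == "foreignobject" {
			findings = append(findings, "element <"+el+">")
		}
		for _, a := range se.Attr {
			attr := strings.ToLower(a.Name.Local) // xlink:href arrives with Local "href"
			val := strings.ToLower(strings.Map(func(r rune) rune {
				if r <= ' ' {
					return -1 // browsers skip whitespace/control chars inside a URL scheme
				}
				return r
			}, a.Value))
			if strings.HasPrefix(attr, "on") {
				findings = append(findings, "event handler "+attr+" on <"+el+">")
			} else if attr == "href" && (strings.HasPrefix(val, "javascript:") || strings.HasPrefix(val, "data:")) {
				findings = append(findings, "scripting URL scheme in href on <"+el+">")
			}
		}
	}
	return findings
}

func main() {
	fmt.Println("clean:", ScanSVG(cleanSVG), "hostile:", ScanSVG(hostileSVG))
}
```

A non-empty result is a reason to quarantine the upload or serve it only as a download; an empty result means the file passed this screen, not that it is proven safe.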
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6931b411739651d5d52cf9e2
Added to database: 12/4/2025, 4:17:21 PM
Last enriched: 12/11/2025, 10:05:00 PM
Last updated: 1/18/2026, 11:37:59 AM