CVE-2025-65790 is a reflected cross-site scripting (XSS) vulnerability found in FuguHub version 8.1, specifically within the /fs/ file manager interface that serves SVG files. The root cause is the lack of sanitization or restriction on script execution inside SVG content. SVG files can contain embedded JavaScript within <script> elements, and FuguHub fails to neutralize or block these scripts when serving SVGs. Consequently, when a victim user opens a maliciously crafted SVG file, the browser executes the embedded attacker-controlled JavaScript code. This can lead to various malicious outcomes, including session hijacking, theft of sensitive information, unauthorized actions on behalf of the user, or further exploitation of the victim’s browser environment. The vulnerability is reflected, meaning the malicious payload is delivered via a crafted URL or file that the victim must open. There is no CVSS score assigned yet, and no public exploits have been reported. However, the vulnerability is significant because SVG files are commonly used and trusted, and many browsers support inline scripting within SVGs. The lack of input validation or output encoding in FuguHub’s file manager interface increases the attack surface. This vulnerability affects organizations using FuguHub 8.1 for file sharing or management, potentially exposing internal users or external collaborators to attack if they open malicious SVG files. The vulnerability was reserved in November 2025 and published in December 2025, indicating recent discovery. No patches or fixes are currently linked, so mitigation relies on configuration changes and user awareness until official updates are released.

For European organizations, the impact of CVE-2025-65790 can be significant, especially for those relying on FuguHub 8.1 for internal or external file sharing. Successful exploitation can compromise user sessions, leading to unauthorized access to sensitive data or systems. This can result in data breaches, loss of confidentiality, and potential disruption of business operations. The vulnerability could also be leveraged as a foothold for further attacks within the network. Sectors such as finance, healthcare, government, and critical infrastructure in Europe are particularly at risk due to the sensitivity of their data and regulatory requirements like GDPR. Additionally, organizations with remote or hybrid workforces that frequently exchange files may see increased exposure. The reflected nature of the XSS requires user interaction, but phishing or social engineering can facilitate this. The absence of known exploits in the wild currently limits immediate risk, but the vulnerability’s presence in a widely used file management tool means it could be targeted in the near future. Overall, the impact on confidentiality and integrity is high, while availability impact is low to medium depending on subsequent attack chains.

To mitigate CVE-2025-65790, European organizations should implement the following specific measures: 1) Immediately restrict or disable the upload and serving of SVG files through the /fs/ file manager interface until a patch is available. 2) Employ strict content security policies (CSP) that disallow inline scripts and restrict script sources to trusted domains, reducing the risk of script execution from SVG files. 3) Use web application firewalls (WAFs) to detect and block malicious payloads targeting the SVG handling functionality. 4) Educate users about the risks of opening SVG files from untrusted sources and implement user awareness campaigns to reduce successful phishing attempts. 5) Monitor logs and network traffic for suspicious activity related to SVG file access or unusual script execution patterns. 6) Engage with FuguHub vendors or community to obtain patches or updates as soon as they become available and prioritize their deployment. 7) Consider implementing file type validation and sanitization at the gateway or proxy level to prevent malicious SVG content from reaching end users. 8) Review and tighten permissions on the file manager interface to limit exposure to only necessary users. These targeted actions go beyond generic advice and focus on the specific attack vector and environment.