Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.

**Note:** Further analysis has identified additional proof-of-concept exploits leveraging the vulnerable function. Developers using this package should ensure proper input validation to mitigate potential risks, as the issue remains unaddressed.

Project Subscriptions

Vendors Products
Browsershot Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2025-0240 Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.
Github GHSA Github GHSA GHSA-j2gw-r24m-j2qw Browsershot Path Traversal
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 15 Jul 2026 16:00:00 +0000

Type Values Removed Values Added
Description Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content. Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content. **Note:** Further analysis has identified additional proof-of-concept exploits leveraging the vulnerable function. Developers using this package should ensure proper input validation to mitigate potential risks, as the issue remains unaddressed.

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00113}

epss

{'score': 0.00145}


Wed, 05 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 05 Feb 2025 05:15:00 +0000

Type Values Removed Values Added
Description Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published:

Updated: 2026-07-15T15:25:20.250Z

Reserved: 2025-02-04T10:20:48.623Z

Link: CVE-2025-1022

cve-icon Vulnrichment

Updated: 2025-02-05T19:29:26.599Z

cve-icon NVD

Status : Deferred

Published: 2025-02-05T05:15:10.337

Modified: 2026-06-17T08:38:14.920

Link: CVE-2025-1022

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-21T15:17:49Z

Weaknesses