How severe is CVE-2025-25303?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-25303?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2025-25303 - MEDIUM Severity | CVSS N/A

Vulnerability Description

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user’s browser to make a request to any arbitrary URL. After discussion with maintainer, patching this issue would require disabling a major feature of the extension in exchange for a low severity vulnerability. Decision to not patch issue.

Related Vulnerabilities

CVE-2016-10926

CRITICAL

CVSS:10.0(Critical)

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

CWE-9182016

CVE-2016-10927

CRITICAL

CVSS:10.0(Critical)

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

CWE-9182016

CVE-2017-11291

CRITICAL

CVSS:10.0(Critical)

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.

CWE-9182017

CVE-2017-12905

CRITICAL

CVSS:10.0(Critical)

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

CWE-9182017

CVE-2017-8794

CRITICAL

CVSS:10.0(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.ht...

CWE-9182017

CVE-2018-10511

CRITICAL

CVSS:10.0(Critical)

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

CWE-9182018