PatchSiren

netdata CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM netdata CVE published 2026-07-02

CVE-2025-71385

CVE-2025-71385 is a reflected cross-site scripting vulnerability in Netdata before version 2.3.1. The vulnerability exists in the api/v2/ilove.svg and api/v3/ilove.svg endpoints, which reflect user-supplied input from the 'love' query parameter into the generated SVG document without proper escaping. This allows an attacker to inject malicious scripts that execute in the victim's browser within the origin [truncated]