Is unopim/unopim affected by CVE-2025-55742?

Packagist unopim/unopim is affected in <0.2.1.

Is CVE-2025-55742 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2025-55742

Q: Is CVE-2025-55742 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Packagist · unopim/unopim

Summary

UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality

Severity: medium
EPSS: 0.3% (p26)
Also known as: GHSA-xr97-25v7-hc2q
Published: 2025-08-21

References

https://github.com/unopim/unopim/security/advisories/GHSA-xr97-25v7-hc2q
https://nvd.nist.gov/vuln/detail/CVE-2025-55742
https://github.com/unopim/unopim/commit/49d5f6ac4d5d9ef7d9cdfe01853234d531c55f75

Related advisories

CVE-2025-55741 — high · Packagist/unopim/unopim
CVE-2025-55743 — high · Packagist/unopim/unopim
CVE-2025-55744 — medium · Packagist/unopim/unopim
CVE-2024-52305 — medium · Packagist/unopim/unopim
CVE-2024-50637 — medium · Packagist/unopim/unopim

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.