CVE-2025-25303

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-25303

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25303.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-25303

Published

2025-03-03T16:47:10.222Z

Modified

2026-04-10T05:24:21.892159Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Server-Side Request Forgery (SSRF) in MouseTooltipTranslator

Details

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user’s browser to make a request to any arbitrary URL. After discussion with maintainer, patching this issue would require disabling a major feature of the extension in exchange for a low severity vulnerability. Decision to not patch issue.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/25xxx/CVE-2025-25303.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/ttop32/mousetooltiptranslator

Affected ranges

Type

GIT

Repo

https://github.com/ttop32/mousetooltiptranslator

Events

Introduced

Last affected

ddd040686f08454c8e22f78d8e348deebb6ec483

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.1.127"
        }
    ]
}

Affected versions

0.*

0.1.100

0.1.101

0.1.102

0.1.103

0.1.104

0.1.105

0.1.106

0.1.107

0.1.108

0.1.109

0.1.110

0.1.111

0.1.112

0.1.113

0.1.114

0.1.115

0.1.116

0.1.117

0.1.118

0.1.119

0.1.120

0.1.121

0.1.122

0.1.123

0.1.124

0.1.125

0.1.126

0.1.127

0.1.15

0.1.16

0.1.30

0.1.31

0.1.32

0.1.36

0.1.63

0.1.70

0.1.71

0.1.72

0.1.73

0.1.74

0.1.75

0.1.76

0.1.77

0.1.78

0.1.79

0.1.80

0.1.81

0.1.82

0.1.83

0.1.84

0.1.85

0.1.86

0.1.87

0.1.88

0.1.89

0.1.90

0.1.91

0.1.92

0.1.93

0.1.94

0.1.95

0.1.96

0.1.97

0.1.98

0.1.99

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25303.json"