{"id":52238,"date":"2025-06-15T19:07:17","date_gmt":"2025-06-15T19:07:17","guid":{"rendered":""},"modified":"2025-08-07T23:27:51","modified_gmt":"2025-08-08T05:27:51","slug":"cve-2025-31039-unveiling-the-xml-external-entity-reference-vulnerability-in-pixelgrade-category-icon","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-31039-unveiling-the-xml-external-entity-reference-vulnerability-in-pixelgrade-category-icon\/","title":{"rendered":"CVE-2025-31039: Unveiling the XML External Entity Reference Vulnerability in Pixelgrade Category Icon<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The digital world is a vast, interconnected ecosystem where even the smallest vulnerability can lead to cataclysmic results. One such vulnerability has been found lurking in the Pixelgrade Category Icon, marked by the CVE identification code: CVE-2025-31039. This vulnerability involves improper restriction of XML External Entity (XXE) reference, which opens up a doorway for potential system compromise<\/a> or data leakage.
\nThis vulnerability has a significant impact<\/a> on all systems running the Category Icon plugin from Pixelgrade, versions up to and including 1.0.2. It’s of paramount importance for cybersecurity experts, system administrators, and users alike, as its exploitation can lead to severe security breaches and potential<\/a> data loss.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-31039
\nSeverity: Critical (9.1 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n