Is cadwyn affected by CVE-2025-53528?

PyPI cadwyn is affected in <5.4.3.

Is CVE-2025-53528 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2025-53528

Q: Is CVE-2025-53528 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

PyPI · cadwyn

Summary

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably allow an attacker to execute JavaScript code o

Severity: medium
EPSS: 0.2% (p15)
Also known as: GHSA-2gxp-6r36-m97r, PYSEC-2025-71
Published: 2025-07-21

References

https://github.com/zmievsa/cadwyn/security/advisories/GHSA-2gxp-6r36-m97r
https://github.com/zmievsa/cadwyn/commit/b424ecd57cd8dabbc8fe39b8f8ccafea629c7728

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.