Is code16/sharp affected by CVE-2025-62798?

Packagist code16/sharp is affected in <9.11.1.

Is CVE-2025-62798 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2025-62798

Q: Is CVE-2025-62798 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

Packagist · code16/sharp

Summary

Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax

Severity: medium
EPSS: 0.2% (p7)
Also known as: GHSA-9f58-4465-23c7
Published: 2025-10-29

References

https://github.com/code16/sharp/security/advisories/GHSA-9f58-4465-23c7
https://nvd.nist.gov/vuln/detail/CVE-2025-62798
https://github.com/code16/sharp/pull/654

Related advisories

CVE-2026-44692 — high · Packagist/code16/sharp
CVE-2026-33686 — high · Packagist/code16/sharp
CVE-2026-33687 — high · Packagist/code16/sharp
CVE-2025-61457 — medium · Packagist/code16/sharp

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.