CVE-2026-25630 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
The following security vulnerability was identified in jsPDF versions <=3.0.4: Local File Inclusion/Path Traversal.
Since SurveyJS PDF Generator depends on jsPDF, any project using survey-pdf v1.12.58 and lower or v2.5.4 and lower could be exposed to this vulnerability.
SurveyJS PDF Generator has upgraded jsPDF to version >= 4.0.0 and included the fix in the following survey-pdf releases:
Users should upgrade survey-pdf in their projects to v1.12.59+ or v2.5.5+ immediately.
No other survey-pdf dependencies are affected. This update is fully backward-compatible with previous survey-pdf releases.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.