AngularJS vulnerability CVE-2025-0716

[henrykuijpers]

[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0,0': 
[ERROR] 
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-animate.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-animate.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-aria.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-aria.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-cookies.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-cookies.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-loader.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-loader.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-message-format.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-message-format.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-messages.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-messages.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-mocks.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-parse-ext.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-parse-ext.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-resource.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-resource.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-route.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-route.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-sanitize.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-sanitize.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-touch.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular-touch.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)
[ERROR] acs-aem-commons-all-6.12.0.zip: acs-aem-commons-ui.apps-6.12.0.zip: angular.min.js (pkg:javascript/angularjs@1.8.2): CVE-2025-0716(3.9)

[kwin]

We have lots of reports related to that: https://github.com/Adobe-Consulting-Services/acs-aem-commons/issues?q=is%3Aissue%20state%3Aopen%20angular%20vulnerable. If no one steps up to update them nothing will change I guess.