CVE-2025-63830 PUBLISHED

Assigner: mitre
Reserved: 27.10.2025 Published: 14.11.2025 Updated: 14.11.2025

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://ckeditor.com/ckfinder/changelog/
https://github.com/Shubham03007/CVE-2025-63830/blob/main/README.md

Problem Types

n/a text