CVE-2025-63830 | THREATINT

Description

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-14 | Updated 2025-11-14 | Assigner mitre

References

ckeditor.com/ckfinder/changelog/

github.com/Shubham03007/CVE-2025-63830/blob/main/README.md

cve.org (CVE-2025-63830)

nvd.nist.gov (CVE-2025-63830)

Download JSON