Description

KeePassXC-Browser through 1.9.9.2 autofills, or prompts to fill, stored credentials into documents rendered under a browser-enforced sandbox (the CSP sandbox directive and the iframe sandbox attribute), allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-17 | Updated 2025-12-17 | Assigner mitre

References

github.com/keepassxreboot/keepassxc-browser/issues/2647

github.com/keepassxreboot/keepassxc-browser/pull/2648

cve.org (CVE-2025-65203)

nvd.nist.gov (CVE-2025-65203)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.