CVE-2025-63830: XSS
Published Nov 14, 2025
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
Affected Software
2 affected components
CKSource Ckfinder
CKSource Ckfinder=1.4.3
Event History
Nov 14, 2025
CVE Published via MITRE · 12:00 AM
Data Sourced via MITRE · 12:00 AM: Description
Data Sourced via NVD · 06:15 PM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-63830?
CVE-2025-63830 is rated high severity due to its potential for Cross Site Scripting (XSS) attacks.
2. How do I fix CVE-2025-63830?
To fix CVE-2025-63830, update CKFinder to the latest version that addresses this vulnerability.
3. What is the impact of CVE-2025-63830?
The impact of CVE-2025-63830 includes the ability for attackers to execute scripts in the context of a user's session.
4. Which versions of CKFinder are affected by CVE-2025-63830?
CKFinder versions prior to 1.4.4 are affected by CVE-2025-63830.
5. What type of vulnerability is CVE-2025-63830?
CVE-2025-63830 is a Cross Site Scripting (XSS) vulnerability specifically related to file uploads.