Reflected Cross-Site Scripting Vulnerability in Caido's Web Security Toolkit
CVE-2025-53834

6.3 MEDIUM

Key Information:

Vendor

Caido

Status
Vendor
CVE Published:
14 July 2025

What is CVE-2025-53834?

A reflected cross-site scripting (XSS) vulnerability exists in the toast UI component of the Caido web security auditing toolkit, allowing unsanitized user input to be reflected in certain tools like Match&Replace and Scope. This could enable attackers to execute arbitrary scripts within a victim's browser session. The vulnerability has been addressed in version 0.49.0, which includes necessary sanitization improvements to protect against such exploits.
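The defect described above is the classic one for any notification component: a user-controlled string (here, something taken from a Match&Replace rule or a Scope entry) is interpolated into the toast's HTML instead of being treated as text. The following is an added example, not Caido's code; the function names and the toast markup are assumptions chosen for illustration. It shows the unsafe rendering beside a hardened version that HTML-escapes the message, plus a small check a component test suite can use to catch regressions.

```javascript
// Added example (not Caido's code). renderToastUnsafe, renderToastSafe and
// the toast markup are assumptions for illustration only.

// Escape the five characters that can switch HTML parsing context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the message string becomes markup, so a tag
// embedded in a rule name or scope entry is rendered and executed.
function renderToastUnsafe(message) {
  return `<div class="toast">${message}</div>`;
}

// Hardened pattern: the message is data, never markup. In a real DOM this
// is equivalent to assigning element.textContent instead of innerHTML.
function renderToastSafe(message) {
  return `<div class="toast">${escapeHtml(message)}</div>`;
}

// Regression check for a component test suite: does the rendered toast
// contain any tag beyond its own wrapper? Returns true when markup leaked.
function containsInjectedTag(html) {
  const inner = html.replace(/^<div class="toast">/, '').replace(/<\/div>$/, '');
  return /<[a-z!/]/i.test(inner);
}

// Constructed sample input: a scope entry name carrying HTML.
const SAMPLE_INPUT = 'my-scope <img src=x onerror="alert(1)">';

// Returns both renderings so the difference can be inspected or asserted on.
function demo() {
  return {
    unsafe: renderToastUnsafe(SAMPLE_INPUT),
    safe: renderToastSafe(SAMPLE_INPUT),
  };
}
```

Running `demo()` shows the unsafe rendering contains a live `<img>` element with an `onerror` handler, while the safe rendering contains only the escaped text `&lt;img ...&gt;`, which the browser displays literally. The fix in 0.49.0 is described as a sanitization improvement of this kind; the `containsInjectedTag` check is the sort of unit test that keeps such a fix from regressing when the toast component is later refactored.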

Affected Version(s)

caido < 0.49.0

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
