Cross Site Scripting Vulnerability in CKFinder by CKEditor
CVE-2025-63830
Key Information:
Badges
What is CVE-2025-63830?
CKFinder version 1.4.3 has a vulnerability that allows attackers to exploit the File Upload feature by uploading a specially crafted SVG file containing active content. This could lead to malicious scripts being executed in the context of the user's browser, permitting unauthorized access to sensitive information or user sessions. It is crucial for users of CKFinder to ensure their installations are updated to mitigate this risk. For detailed changelogs and updates on this vulnerability, please refer to the official CKEditor changelog and related GitHub resources.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.