Cross Site Scripting Vulnerability in CKFinder by CKEditor
CVE-2025-63830

6.1MEDIUM

Key Information:

Vendor: CKEditor
Status: CKFinder
Vendor: CVE Published:; 14 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-63830?

CKFinder version 1.4.3 has a vulnerability that allows attackers to exploit the File Upload feature by uploading a specially crafted SVG file containing active content. This could lead to malicious scripts being executed in the context of the user's browser, permitting unauthorized access to sensitive information or user sessions. It is crucial for users of CKFinder to ensure their installations are updated to mitigate this risk. For detailed changelogs and updates on this vulnerability, please refer to the official CKEditor changelog and related GitHub resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-63830
Created by Shubham03007

References

https://ckeditor.com/ckfinder/changelog/

https://github.com/Shubham03007/CVE-2025-63830/blob/main/...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2025
🟡
Public PoC available
Nov 12, 2025
👾
Exploit known to exist
Nov 12, 2025
Vulnerability Reserved
Oct 27, 2025

JSON

CKEditor