Cross-Site Scripting Vulnerability in CKEditor5 Youtube by Drupal
CVE-2025-6674

Currently unrated

Key Information:

Vendor: Drupal
Status: Ckeditor5 Youtube
Vendor: CVE Published:; 26 June 2025

What is CVE-2025-6674?

The vulnerability in CKEditor5 Youtube allows attackers to exploit improper neutralization of input during web page generation, resulting in Cross-Site Scripting (XSS). This security flaw affects versions from 0.0.0 up to but not including 1.0.3.

Affected Version(s)

CKEditor5 Youtube 0.0.0 < 1.0.3

References

https://www.drupal.org/sa-contrib-2025-081

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2025
Vulnerability Reserved
Jun 25, 2025

Credit

nico.b

Brahim Khouy (b.khouy)

Abderrahim GHAZALI ð¤ (g.abderrahim)

nico.b

Greg Knaddison (greggles)