CVE-2025-63830

Publication date

2025-11-14 00:00:00

Family

mitre

State

PUBLISHED

Description

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.