CVE-2025-45388

Name of the Vulnerable Software and Affected Versions Wagtail CMS version 6.4.1

Description The issue is related to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes.

Recommendations For Wagtail CMS version 6.4.1, as a temporary workaround, consider restricting the upload of PDF files or disabling the document upload functionality until a patch is available. Avoid using the affected document upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.