PT-2025-46989 · Ckfinder · Ckfinder

Published: 2025-11-14 · Updated: 2025-11-14 · CVE-2025-63830

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

CKFinder version 1.4.3

Description

CKFinder 1.4.3 is susceptible to a cross-site scripting (XSS) issue in the File Upload function. The upload functionality does not properly sanitize uploaded SVG files, so an attacker can upload a specially crafted SVG file containing active content and thereby inject malicious scripts.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-63830

Affected Products

Ckfinder