CVE-2025-63830

MEDIUM

CKFinder 1.4.3 - Stored Cross-Site Scripting via SVG File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-63830. PoCs published by Shubham03007.

AI-analyzed exploit summary This repository contains a detailed writeup and proof-of-concept for CVE-2025-63830, a stored XSS vulnerability in CKFinder v1.4.3 via malicious SVG upload. The writeup includes steps to reproduce, impact analysis, and remediation recommendations.

Description

CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

Exploits (1)

nomisec WRITEUP

by Shubham03007 · poc

https://github.com/Shubham03007/CVE-2025-63830

View Code ZIP pw:eip

This repository contains a detailed writeup and proof-of-concept for CVE-2025-63830, a stored XSS vulnerability in CKFinder v1.4.3 via malicious SVG upload. The writeup includes steps to reproduce, impact analysis, and remediation recommendations.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CKFinder v1.4.3

Auth required

Prerequisites: Access to CKFinder file upload functionality · Valid user credentials

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product

https://ckeditor.com/ckfinder/changelog/

Exploit, Third Party Advisory

https://github.com/Shubham03007/CVE-2025-63830/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0023

EPSS Percentile 13.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

cksource/ckfinder 1.4.3

Published Nov 14, 2025

Tracked Since Feb 18, 2026