CVE-2025-6725

MEDIUM

Kendo UI for jQuery 2024.4.1112-2025.2.520 - Stored Cross-Site Scripting in PdfViewer Component

Title source: llm
STIX 2.1

Description

In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.

Scores

CVSS v3 5.4
EPSS 0.0022
EPSS Percentile 12.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (6)
Progress Software/Kendo UI for Angular 18.5.0 - 19.1.2
Progress Software/Kendo UI for jQuery 2024.4.1112 - 2025.2.520
Progress Software/KendoReact 5.10.0 - 11.1.0
Progress Software/Telerik UI for ASP.NET Core 2024.4.1112 - 2025.2.520
Progress Software/Telerik UI for ASP.NET MVC 2024.4.1112 - 2025.2.520
Progress Software/Telerik UI for Blazor 3.6.0 - 9.0.0
Published Jul 02, 2025
Tracked Since Feb 18, 2026