CVE-2025-6725
MEDIUMKendo UI for jQuery 2024.4.1112-2025.2.520 - Stored Cross-Site Scripting in PdfViewer Component
Title source: llmDescription
In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
References (6)
Core 6
Core References
Various Sources
https://www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
Various Sources
https://www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
Various Sources
https://www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725
Various Sources
https://www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
Scores
CVSS v3
5.4
EPSS
0.0022
EPSS Percentile
12.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (6)
Progress Software/Kendo UI for Angular
18.5.0 - 19.1.2
Progress Software/Kendo UI for jQuery
2024.4.1112 - 2025.2.520
Progress Software/KendoReact
5.10.0 - 11.1.0
Progress Software/Telerik UI for ASP.NET Core
2024.4.1112 - 2025.2.520
Progress Software/Telerik UI for ASP.NET MVC
2024.4.1112 - 2025.2.520
Progress Software/Telerik UI for Blazor
3.6.0 - 9.0.0
Published
Jul 02, 2025
Tracked Since
Feb 18, 2026