CVE-2025-6725

Summary

In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareKendo UI for jQuery2024.4.1112 <= 2025.2.520affected
Progress SoftwareKendo UI for Angular18.5.0 <= 19.1.2affected
Progress SoftwareKendoReact5.10.0 <= 11.1.0affected
Progress SoftwareTelerik UI for ASP.NET MVC2024.4.1112 <= 2025.2.520affected
Progress SoftwareTelerik UI for ASP.NET Core2024.4.1112 <= 2025.2.520affected
Progress SoftwareTelerik UI for Blazor3.6.0 <= 9.0.0affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References