CVE-2025-6725

In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.

CVSS

No CVSS.

References

Link	Resource
https://www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
https://www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
https://www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725
https://www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
https://www.telerik.com/kendo-jquery-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

Configurations

No configuration.

History

02 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 15:15

Updated : 2025-07-02 15:15

NVD link : CVE-2025-6725

Mitre link : CVE-2025-6725

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "name": "https://www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "tags": [], "refsource": ""}, {"url": "https://www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "name": "https://www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "tags": [], "refsource": ""}, {"url": "https://www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725", "name": "https://www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725", "tags": [], "refsource": ""}, {"url": "https://www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "name": "https://www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "tags": [], "refsource": ""}, {"url": "https://www.telerik.com/kendo-jquery-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "name": "https://www.telerik.com/kendo-jquery-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "tags": [], "refsource": ""}, {"url": "https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "name": "https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-6725", "ASSIGNER": "security@progress.com"}}, "impact": {}, "publishedDate": "2025-07-02T15:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-02T15:15Z"}