QwikSec

Security Database

CVE

CWE

Training

CVE-2025-6725

Published: Jul 2, 2025

Modified: Jul 2, 2025

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.

Vendor	Product	Versions
Progress Software	Kendo UI for jQuery	affected `2024.4.1112 - <= 2025.2.520`
Progress Software	Kendo UI for Angular	affected `18.5.0 - <= 19.1.2`
Progress Software	KendoReact	affected `5.10.0 - <= 11.1.0`
Progress Software	Telerik UI for ASP.NET MVC	affected `2024.4.1112 - <= 2025.2.520`
Progress Software	Telerik UI for ASP.NET Core	affected `2024.4.1112 - <= 2025.2.520`
Progress Software	Telerik UI for Blazor	affected `3.6.0 - <= 9.0.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725

https://www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

https://www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

https://www.telerik.com/kendo-jquery-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

https://www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.