CVE-2025-6725 Cross-Site Scripting (XSS) in PdfViewer

🗓️ 02 Jul 2025 14:39:15Reported by ProgressSoftwareType

Cross-Site Scripting vulnerability in PdfViewer allows exploitation with crafted documents.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-6725	2 Jul 202515:09	–	circl
CNNVD	Progress多款产品跨站脚本漏洞	2 Jul 202500:00	–	cnnvd
CVE	CVE-2025-6725	2 Jul 202514:39	–	cve
EUVD	EUVD-2025-19729	3 Oct 202520:07	–	euvd
NVD	CVE-2025-6725	2 Jul 202515:15	–	nvd
Positive Technologies	PT-2025-27642 · Unknown · Pdf Viewer	2 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-6725	4 Jul 202515:24	–	redhatcve
Vulnrichment	CVE-2025-6725 Cross-Site Scripting (XSS) in PdfViewer	2 Jul 202514:39	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Kendo UI for jQuery",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThanOrEqual": "2025.2.520",
        "status": "affected",
        "version": "2024.4.1112",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Kendo UI for Angular",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThanOrEqual": "19.1.2",
        "status": "affected",
        "version": "18.5.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "KendoReact",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThanOrEqual": "11.1.0",
        "status": "affected",
        "version": "5.10.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Telerik UI for ASP.NET MVC",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThanOrEqual": "2025.2.520",
        "status": "affected",
        "version": "2024.4.1112",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Telerik UI for ASP.NET Core",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThanOrEqual": "2025.2.520",
        "status": "affected",
        "version": "2024.4.1112",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Telerik UI for Blazor",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThanOrEqual": "9.0.0",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
telerik	www.telerik.com/kendo-jquery-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
telerik	www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725
telerik	www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
telerik	www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
telerik	www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725
telerik	www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725

02 Jul 2025 14:39Current

CVSS 3.15.4

EPSS0.00234

CWE-79