CVE-2025-25299P4MEDIUM≥ 41.3.0, < 44.2.12025-02-20
CVE-2025-25299 [MEDIUM] CWE-79 Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package
### Impact
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document.
This vulnera
ghsaosv