CVE-2025-65203

Source
https://cve.org/CVERecord?id=CVE-2025-65203
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65203.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65203
Published
2025-12-17T18:15:48.860Z
Modified
2026-03-13T03:41:11.114364Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary
[none]
Details

KeePassXC-Browser through 1.9.9.2 autofills, or prompts to fill, stored credentials into documents rendered under a browser-enforced sandbox (the CSP sandbox directive and the iframe sandbox attribute), allowing attacker-controlled script in the sandboxed document to access the populated form fields and exfiltrate credentials.

References

Affected packages

Git / github.com/keepassxreboot/keepassxc-browser

Affected ranges

Type
GIT
Repo
https://github.com/keepassxreboot/keepassxc-browser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.9.2"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.1.10
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
1.*
1.0.0
1.0.0-beta1
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.7.0
1.7.0-beta1
1.7.1
1.7.10
1.7.10.1
1.7.11
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.8.1
1.7.9
1.7.9.1
1.8.0
1.8.1
1.8.10
1.8.11
1.8.12
1.8.2
1.8.2.1
1.8.2.2
1.8.3.1
1.8.4
1.8.5
1.8.5.1
1.8.6
1.8.6.1
1.8.7
1.8.8
1.8.8.1
1.8.9
1.9.0
1.9.0.1
1.9.0.2
1.9.0.3
1.9.0.4
1.9.0.5
1.9.1
1.9.1.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9.9.1
1.9.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65203.json"