CVE-2025-53834 MEDIUM

CVE-2025-53834: Caido Toast Vulnerable to Reflected Cross-site Scripting

Vendor Caido
Product caido
Weakness CWE-79 · XSS
Published July 14, 2025
Last update July 15, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.

Key dates

02 Disclosure timeline

July 14, 2025 CVE published
July 15, 2025 Record updated
