VYPR
Medium severity 6.3 · OSV Advisory · Published Jul 14, 2025 · Updated Apr 15, 2026

CVE-2025-53834

Description

Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.

Affected products

  • Range: v0.22.1, v0.23.1, v0.24.0, …
