What is CVE-2025-53838?

CVE-2025-53838 is a vulnerability in Kovah Linkace, classified under Cross-site Scripting. Published 2025-09-08.

Is CVE-2025-53838 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Kovah Linkace

CVE-2025-53838

LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the co…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (25.0th percentile) — read the EPSS interpretation.

Affected products

Kovah Linkace — versions < 2.1.9

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

Medok228/Medok228

References

https://github.com/Kovah/LinkAce/security/advisories/GHSA-vwmx-v9qf-q656 (x_refsource_CONFIRM)
https://github.com/Kovah/LinkAce/commit/4da467a4b0fbb1650670e603f4449b8a47695631 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-53838?: CVE-2025-53838 is a vulnerability in Kovah Linkace, classified under Cross-site Scripting. Published 2025-09-08.
Is CVE-2025-53838 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.