CVE-2025-5138 – Bitwarden PDF File Handler Cross Site Scripting Vulnerability

May 25, 2025

CVE ID : CVE-2025-5138

Published : May 25, 2025, 1:15 a.m. | 3 hours, 48 minutes ago

Description : A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5139 – Qualitor Office365 File Command Injection Vulnerability

Next Article 8 Best Free and Open Source Linux Personal Information Managers

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

CVE-2025-5138 – Bitwarden PDF File Handler Cross Site Scripting Vulnerability

Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors

Devman Claims Cyberattack on Thailand Ministry of Labour, Demands $15M Ransom

A Step-by-Step Guide to Build an Automated Knowledge Graph Pipeline Using LangGraph and NetworkX

CVE-2025-27522 – Apache InLong Deserialization of Untrusted Data Remote Code Execution Vulnerability

CVE-2025-49261 – ThemBay Diza PHP Remote File Inclusion Vulnerability

CVE-2022-50223 – LoongArch Linux Kernel CPUInfo Information Disclosure Vulnerability

CVE-2025-49277 – Unfoldwp Blogprise PHP Remote File Inclusion Vulnerability

Introducing AWS MCP Servers for code assistants (Part 1)

CVE-2025-3516 – WordPress Simple Lightbox Stored Cross-Site Scripting

Marvel Rivals Season 2 is introducing Emma Frost’s thighs, the Hellfire Gala, and Ultron

CVE-2025-5138 – Bitwarden PDF File Handler Cross Site Scripting Vulnerability

Related Posts