CKEditor 5 v46.0.3 Release Highlights: Security Fix Introduced

CKEditor 5 v46.0.3 has been released to address a cross-site scripting (XSS) vulnerability (CVE-2025-58064) in the clipboard package.

# UPDATED Security Fix for Clipboard Package 

A cross-site scripting (XSS) vulnerability (CVE-2025-58064) was discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution if an attacker inserted malicious content into the editor.

This vulnerability only affects installations where the editor configuration meets one of the following criteria:

• The HTML embed plugin is enabled

• A custom plugin introducing an editable element which implements ViewRawElement is enabled

For more details you can refer to the security advisory or contact us if you have more questions.

#Quick Links for CKEditor v46.0.3

• Download the latest version of CKEditor: CDN, npm or zip packages.

• CKEditor 5 Builder

• CKEditor 5 installation guides

• CKEditor 5 documentation

• CKEditor 5 changelog

• CKEditor 5 pricing 

• CKEditor 5 license

• Getting support for CKEditor 5 

• Report issues on GitHub repository

#Learn more about previous CKEditor 5 versions

• CKEditor 5 v46.0.0. Release Highlights: Introducing Line Height, Server-side Editor API, EU Region, and more

• CKEditor 5 v45.0.0 Release Highlights: Introducing Email Editing Support, Fullscreen Mode, and Smarter Linking

• CKEditor 5 v44.2.0 Release Highlights: Introducing Enhanced Source Code Editing, Image Optimizer, Emoji feature, and more

• CKEditor 5 v44.0.0 Release Highlights: Introducing Self-Service Plans and the Bookmarks Feature

• CKEditor v43.0.0 Release Highlights - All-new Merge Fields and Export to Word v2