CVE-2025-63848

6.1 MEDIUM

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in SWI-Prolog allows attackers to inject malicious scripts into web IDE notebooks. When users view these notebooks, the scripts execute in their browsers, potentially compromising their sessions or systems. Anyone using the SWI-Prolog web IDE through version 2.2.0 is affected.

💻 Affected Systems

Products:
  • SWI-Prolog
Versions: through 2.2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects web IDE notebook functionality; command-line and other interfaces not impacted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking, credential theft, or defacement of web IDE content through script execution in victim browsers.

🟢 If Mitigated

Limited impact with proper content security policies, input validation, and output encoding in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to create or modify web IDE notebooks; public proof-of-concept available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not yet released

Vendor Advisory: https://github.com/SWI-Prolog

Restart Required: Yes

Instructions:

1. Monitor SWI-Prolog GitHub for security updates.
2. Upgrade to the patched version when available.
3. Restart SWI-Prolog services after the update.

🔧 Temporary Workarounds

Disable Web IDE (all platforms)

Temporarily disable SWI-Prolog web IDE functionality until a patch is available: configure SWI-Prolog not to start the web server, or disable the web IDE module.

Implement Content Security Policy (all platforms)

Add strict CSP headers to prevent script execution from untrusted sources. Add the following header to the web server's responses:

Content-Security-Policy: default-src 'self'; script-src 'self'
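A policy only mitigates stored XSS if its effective script sources actually forbid inline and arbitrary-origin script, and CSP has enough fallback rules (script-src falling back to default-src, 'unsafe-inline' being ignored once a nonce or hash is present) that a quick eyeball check is easy to get wrong. The checker below is an added example, not part of this advisory or of SWI-Prolog: it parses a header value the way a browser does and reports what would still let an injected script run. The header values in the test cases are constructed.

```python
"""Verify that a Content-Security-Policy value actually blocks inline scripts.

Added example for the CSP workaround above; not part of the advisory or of
SWI-Prolog. Directives are separated by ';', source expressions by
whitespace, and script-src falls back to default-src when it is absent.
"""

import re
from typing import Dict, List, Optional, Tuple

INLINE_KEYWORD = "'unsafe-inline'"
# A nonce or hash source makes CSP2+ browsers ignore 'unsafe-inline'.
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.IGNORECASE)
# Source expressions that let script load from places an attacker controls.
OPEN_SOURCES = {
    "*": "wildcard * allows script from any host",
    "data:": "data: allows script from data: URLs",
    "http:": "http: allows script from any http host",
    "https:": "https: allows script from any https host",
}


def parse_csp(header_value: str) -> Dict[str, List[str]]:
    """Return {directive: [sources]}. Directive names are case-insensitive and,
    as in browsers, a repeated directive is ignored after its first occurrence."""
    policy: Dict[str, List[str]] = {}
    for raw in header_value.split(";"):
        tokens = raw.strip().split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src governs script execution; browsers use default-src when it is
    absent. None means neither is present, i.e. no restriction at all."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def csp_blocks_inline_script(header_value: str) -> Tuple[bool, List[str]]:
    """Return (blocks_inline, findings).

    blocks_inline is True only when the effective script source list exists
    and contains nothing that permits inline or arbitrary-origin script."""
    sources = effective_script_sources(parse_csp(header_value))
    if sources is None:
        return False, ["no script-src or default-src: script execution is unrestricted"]
    lowered = [s.lower() for s in sources]
    findings: List[str] = []
    if INLINE_KEYWORD in lowered and not any(NONCE_OR_HASH.match(s) for s in sources):
        findings.append("'unsafe-inline' permits injected inline <script>")
    findings += [msg for src, msg in OPEN_SOURCES.items() if src in lowered]
    return not findings, findings


if __name__ == "__main__":
    # Constructed header values: the advisory's suggested policy and a weak one.
    for value in ("default-src 'self'; script-src 'self'",
                  "default-src 'self' 'unsafe-inline'"):
        ok, why = csp_blocks_inline_script(value)
        print(f"{value!r}: {'blocks inline script' if ok else 'WEAK: ' + '; '.join(why)}")
```

Run it against the exact header value your server emits (for example, copied from the response in browser developer tools), not the value you intended to configure. A policy this strict can also break a web application that relies on inline scripts, so exercise the IDE after deploying it rather than assuming the header is harmless.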

🧯 If You Can't Patch

  • Restrict access to SWI-Prolog web IDE to trusted users only
  • Implement web application firewall rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check whether the SWI-Prolog version is 2.2.0 or earlier and the web IDE is enabled.

Check Version:

swipl --version

Verify Fix Applied:

After the update, verify that the version is above 2.2.0 and that stored XSS test payloads no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual notebook creation/modification patterns
  • Suspicious script tags in notebook content

Network Indicators:

  • Malicious script payloads in HTTP POST/PUT requests to notebook endpoints

SIEM Query:

source="swi-prolog" AND (http_method="POST" OR http_method="PUT") AND (uri="*notebook*" OR uri="*ide*") AND (content="<script>" OR content="javascript:")
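The SIEM query above matches the literal strings "<script>" and "javascript:", so a percent-encoded body, an upper-case tag, or a tag carrying attributes ("<SCRIPT src=...>") would not trigger it. The sweep below is an added example, not part of this advisory or of SWI-Prolog: it applies the same source, method, URI and content conditions to JSON-formatted log records, but decodes percent-encoding and matches the two indicators case-insensitively. The log records and field names are constructed to mirror the query; a real deployment's log schema will differ.

```python
"""Sweep JSON log records for script indicators in notebook writes.

Added example, not part of the advisory or of SWI-Prolog. It implements the
same conditions as the SIEM query above (source, POST/PUT, notebook or ide
URI, script indicators in the body) with decoding and case-insensitive
matching so that trivially encoded variants are not missed.
"""

import json
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample records, not real traffic. The fields mirror the query.
LOG_LINES = [
    '{"source":"swi-prolog","http_method":"POST","uri":"/ide/notebook/save","content":"?- member(X,[1,2,3])."}',
    '{"source":"swi-prolog","http_method":"PUT","uri":"/ide/notebook/17","content":"%3Cscript%3Eprobe()%3C%2Fscript%3E"}',
    '{"source":"swi-prolog","http_method":"POST","uri":"/ide/notebook/save","content":"<SCRIPT src=//example.invalid/x.js></SCRIPT>"}',
    '{"source":"swi-prolog","http_method":"GET","uri":"/ide/notebook/17","content":""}',
    '{"source":"nginx","http_method":"POST","uri":"/api/login","content":"<script>"}',
    '{"source":"swi-prolog","http_method":"POST","uri":"/ide/notebook/save","content":"[link](JavaScript:void(0))"}',
]

NOTEBOOK_URI = re.compile(r"notebook|ide", re.IGNORECASE)
# The query's two indicators, tolerant of case, attributes and whitespace.
SCRIPT_INDICATORS = {
    "script tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "javascript: URL": re.compile(r"javascript\s*:", re.IGNORECASE),
}


def normalize(text: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding so that a body such as
    %3Cscript%3E (or a double-encoded %253Cscript%253E) is inspected decoded."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(record: Dict) -> List[str]:
    """Return the indicator names found in a record that meets the query's
    source/method/URI conditions; an empty list means no match."""
    if record.get("source") != "swi-prolog":
        return []
    if record.get("http_method") not in ("POST", "PUT"):
        return []
    if not NOTEBOOK_URI.search(record.get("uri", "")):
        return []
    body = normalize(record.get("content", ""))
    return [name for name, rx in SCRIPT_INDICATORS.items() if rx.search(body)]


def find_notebook_xss(lines: List[str]) -> List[Dict]:
    """Parse JSON lines and return one hit per matching record (1-based line)."""
    hits: List[Dict] = []
    for number, line in enumerate(lines, start=1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the sweep
        reasons = classify(record)
        if reasons:
            hits.append({"line": number, "uri": record.get("uri"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_notebook_xss(LOG_LINES):
        print(hit)
```

Of the six constructed records, only the encoded PUT, the upper-case tag with a src attribute, and the mixed-case javascript: link are flagged; the GET, the non-SWI-Prolog source, and the plain Prolog query are not. Treat hits as triage candidates: a legitimate notebook discussing HTML will match too, so pair this with the notebook creation/modification baselines listed under Log Indicators.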
