CVE-2025-54384: 
Python vulnerability analysis and mitigation

CKAN, an open-source Data Management System (DMS) for powering data hubs and data portals, was found to contain a stored XSS vulnerability (CVE-2025-54384). The vulnerability was discovered in versions prior to 2.11.3 and was disclosed on October 29, 2025. The issue affects the helpers.markdown_extract() function which failed to properly sanitize user-provided input data before rendering it in HTML format (GitHub Advisory).

The vulnerability exists in the helpers.markdown_extract() function which insufficiently sanitizes input data before wrapping it in an HTML literal element. This function is used across multiple pages including dataset, resource, organization, and group pages, as well as any extension pages that utilize the helper function. The vulnerability has been assigned a CVSS v3.1 score of 6.3 (Moderate) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N (GitHub Advisory).

The vulnerability could lead to stored Cross-Site Scripting (XSS) attacks through user-provided data on various pages of CKAN installations. This could potentially result in high confidentiality impact and low integrity impact, allowing attackers to access unauthorized data and perform limited modifications (GitHub Advisory).

The vulnerability has been patched in CKAN versions 2.10.9 and 2.11.4. Users are advised to upgrade to these patched versions to protect against this security issue (GitHub Advisory).