CVE-2025-54384: 
Python vulnerability analysis and mitigation

CVE-2025-54384 affects CKAN, an open-source data management system (DMS) for powering data hubs and data portals. The vulnerability was discovered and disclosed on October 29, 2025, affecting versions prior to 2.10.9 and 2.11.4. The issue resides in the helpers.markdown_extract() function, which failed to properly sanitize input data before wrapping it in an HTML literal element (GitHub Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability with a CVSS v3.1 base score of 6.3 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is unchanged (S:U), with high impact on confidentiality (C:H), low impact on integrity (I:L), and no impact on availability (A:N) (GitHub Advisory).

The vulnerability affects dataset, resource, organization, and group pages, as well as any page provided by an extension that uses the helpers.markdown_extract() function. When exploited, it allows attackers to execute malicious scripts through user-provided data, potentially compromising sensitive information and modifying page content (GitHub Advisory).

The vulnerability has been patched in CKAN versions 2.10.9 and 2.11.4. Users are advised to upgrade to these versions or later to mitigate the risk (GitHub Advisory).