Sync with Kendo UI Professional

kendo-bot · kendo-bot · commit a9fdfcc9097d · 2025-07-03T04:22:19.000Z
diff --git a/docs-aspnet/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725.md b/docs-aspnet/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725.md
@@ -0,0 +1,44 @@
+---
+title: Cross-Site Scripting (XSS) Vulnerability (6725)
+description: "How to mitigate CVE-2025-6725, a Cross-Site Scripting (XSS) vulnerability."
+slug: kb-security-pdfviewer-xss-cve-2025-6725
+res_type: kb
+---
+
+## Description
+
+Security Notification – July 2025 - [CVE-2025-6725](https://www.cve.org/CVERecord?id=CVE-2025-6725)
+
+- Progress® Telerik® UI for {{ site.framework }} (2025.2.520) or earlier.
+
+### What Are the Impacts
+
+In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
+
+## Issue
+
+CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
+
+## Solution
+
+We have addressed the issue and the Progress team strongly recommends performing an upgrade to the latest version listed in the table below.
+
+| Current Version | Update to |
+|-----------------|----------|
+| `>= v2024.4.1112` && `<= v2025.2.520` | `>= v2025.2.702` |
+
+Follow the [update instructions]({% slug upgrade_aspnetcore %}) for precise instructions. All customers who have a license can access the downloads here [Product Downloads | Your Account](https://www.telerik.com/account/downloads/product-download).
+
+## Notes
+
+- If you do not use the PdfViewer in your application, the application is not vulnerable.
+- If you have any questions or concerns related to this issue, open a new Technical Support case in [Your Account | Support Center](https://www.telerik.com/account/support-center/contact-us/). Technical Support is available to customers with an active support plan.
+- We would like to thank ATTRIBUTION for responsibly disclosing this vulnerability.
+
+## External References
+
+[CVE-2025-6725](https://www.cve.org/CVERecord?id=CVE-2025-6725) (MEDIUM)
+
+**CVSS:** 5.4
+
+In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
diff --git a/docs-aspnet/styles-and-layout/sass-themes/compatibility.md b/docs-aspnet/styles-and-layout/sass-themes/compatibility.md
@@ -10,6 +10,7 @@ The following table lists the Telerik UI for {{ site.framework }} versions and t
 
 | Telerik UI for {{ site.framework }} | Kendo UI Sass Themes |
 |:---         |:---                     |
+| Telerik UI 2025.2.702 (2025.2.702) | @progress/kendo-theme-bootstrap@11.0.2<br>@progress/kendo-theme-classic@11.0.2<br>@progress/kendo-theme-default@11.0.2<br>@progress/kendo-theme-fluent@11.0.2<br>@progress/kendo-theme-material@11.0.2 |
 | Telerik UI 2025.2.520 (Q2 2025.2.520) | @progress/kendo-theme-bootstrap@11.0.2<br>@progress/kendo-theme-classic@11.0.2<br>@progress/kendo-theme-default@11.0.2<br>@progress/kendo-theme-fluent@11.0.2<br>@progress/kendo-theme-material@11.0.2 |
 | Telerik UI 2025.1.227 (2025.1.227) | @progress/kendo-theme-bootstrap@10.2.0<br>@progress/kendo-theme-classic@10.2.0<br>@progress/kendo-theme-default@10.2.0<br>@progress/kendo-theme-fluent@10.2.0<br>@progress/kendo-theme-material@10.2.0 |
 | Telerik UI 2025.1.211 (Q1 2025) | @progress/kendo-theme-bootstrap@10.2.0<br>@progress/kendo-theme-classic@10.2.0<br>@progress/kendo-theme-default@10.2.0<br>@progress/kendo-theme-fluent@10.2.0<br>@progress/kendo-theme-material@10.2.0 |
diff --git a/docs/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725.md b/docs/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725.md
@@ -0,0 +1,44 @@
+---
+title: Cross-Site Scripting (XSS) Vulnerability (6725)
+description: "How to mitigate CVE-2025-6725, a Cross-Site Scripting (XSS) vulnerability."
+slug: kb-security-pdfviewer-xss-cve-2025-6725
+res_type: kb
+---
+
+## Description
+
+Security Notification – July 2025 - [CVE-2025-6725](https://www.cve.org/CVERecord?id=CVE-2025-6725)
+
+- Progress® Kendo® UI for jQuery (2025.2.520) or earlier.
+
+### What Are the Impacts
+
+In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
+
+## Issue
+
+CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
+
+## Solution
+
+We have addressed the issue and the Progress team strongly recommends performing an upgrade to the latest version listed in the table below.
+
+| Current Version | Update to |
+|-----------------|----------|
+| `>= v2024.4.1112` && `<= v2025.2.520` | `>= v2025.2.702` |
+
+Follow the [update instructions]({% slug kendoui_npm_packages_kendoui_installation %}) for precise instructions. All customers who have a license can access the downloads here [Product Downloads | Your Account](https://www.telerik.com/account/downloads/product-download).
+
+## Notes
+
+- If you do not use the PdfViewer in your application, the application is not vulnerable.
+- If you have any questions or concerns related to this issue, open a new Technical Support case in [Your Account | Support Center](https://www.telerik.com/account/support-center/contact-us/). Technical Support is available to customers with an active support plan.
+- We would like to thank ATTRIBUTION for responsibly disclosing this vulnerability.
+
+## External References
+
+[CVE-2025-6725](https://www.cve.org/CVERecord?id=CVE-2025-6725) (MEDIUM)
+
+**CVSS:** 5.4
+
+In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
diff --git a/docs/styles-and-layout/sass-themes/compatibility.md b/docs/styles-and-layout/sass-themes/compatibility.md
@@ -13,6 +13,7 @@ The following table lists the Kendo UI for jQuery and Kendo UI Sass themes versi
 
 | kendo UI for jQuery | Kendo UI Sass Themes |
 |:---         |:---                     |
+| Kendo UI 2025.2.702 (2025.2.702) | @progress/kendo-theme-bootstrap@11.0.2<br>@progress/kendo-theme-classic@11.0.2<br>@progress/kendo-theme-default@11.0.2<br>@progress/kendo-theme-fluent@11.0.2<br>@progress/kendo-theme-material@11.0.2 |
 | Kendo UI 2025.2.520 (Q2 2025.2.520) | @progress/kendo-theme-bootstrap@11.0.2<br>@progress/kendo-theme-classic@11.0.2<br>@progress/kendo-theme-default@11.0.2<br>@progress/kendo-theme-fluent@11.0.2<br>@progress/kendo-theme-material@11.0.2 |
 | Kendo UI 2025.1.227 (2025.1.227) | @progress/kendo-theme-bootstrap@10.2.0<br>@progress/kendo-theme-classic@10.2.0<br>@progress/kendo-theme-default@10.2.0<br>@progress/kendo-theme-fluent@10.2.0<br>@progress/kendo-theme-material@10.2.0 |
 | Kendo UI 2025.1.211 (Q1 2025) | @progress/kendo-theme-bootstrap@10.2.0<br>@progress/kendo-theme-classic@10.2.0<br>@progress/kendo-theme-default@10.2.0<br>@progress/kendo-theme-fluent@10.2.0<br>@progress/kendo-theme-material@10.2.0 |
