CVE-2025-63848 Overview
CVE-2025-63848 is a stored cross-site scripting (XSS) vulnerability affecting SWI-Prolog SWISH through version 2.2.0. SWISH is the web-based integrated development environment (IDE) for SWI-Prolog, providing notebook-style interaction with Prolog programs through a browser. The flaw allows attackers to inject arbitrary JavaScript through crafted web IDE notebook content. When another user views the affected notebook, the payload executes in their browser session. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation).
Critical Impact
Attackers can execute arbitrary JavaScript in the browsers of users viewing malicious notebooks, enabling session hijacking, credential theft, and unauthorized actions in the SWISH environment.
Affected Products
- SWI-Prolog SWISH versions through 2.2.0
- Self-hosted SWISH deployments exposing the web IDE
- Multi-user SWISH instances sharing notebooks between users
Discovery Timeline
- 2025-11-20 - CVE-2025-63848 published to the National Vulnerability Database (NVD)
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-63848
Vulnerability Analysis
The vulnerability resides in the SWISH web IDE notebook rendering pipeline. SWISH permits users to author and share notebooks containing Prolog code, documentation, and HTML fragments. The application fails to properly neutralize user-supplied content before storing it and rendering it back to viewers. An attacker with the ability to save a notebook can embed JavaScript payloads that execute when other users open the notebook.
Because the payload is stored server-side, exploitation does not require the attacker to lure victims to a crafted external URL. Any user who navigates to the affected notebook triggers execution. The attack requires user interaction (viewing the notebook) but no privileges from the victim. The scope is changed because the injected script executes in the security context of the SWISH origin, potentially crossing trust boundaries between authenticated users.
Root Cause
The root cause is improper output encoding of notebook content during HTML rendering. SWISH stores notebook cells that can include markup, and the sanitization applied to this content does not strip or encode all script-execution vectors. Event handler attributes, embedded HTML, and JavaScript URI schemes can survive the sanitization layer and reach the DOM as executable code.
Attack Vector
An attacker crafts a SWISH notebook containing an XSS payload in a markdown cell, HTML fragment, or metadata field that reaches unsanitized rendering. The attacker saves the notebook to a publicly accessible or shared location on a SWISH instance. When a victim opens the notebook, the browser parses and executes the embedded script under the SWISH origin. The script can then read session cookies, submit queries as the victim, or exfiltrate stored Prolog programs. The vulnerability is described in the public proof-of-concept repository.
No verified exploitation code is reproduced here. Refer to the SWI-Prolog GitHub repository and the linked advisory for technical specifics.
Detection Methods for CVE-2025-63848
Indicators of Compromise
- Notebook files containing <script> tags, javascript: URIs, or DOM event handler attributes such as onerror, onload, or onclick in user-authored cells
- Outbound HTTP requests from SWISH user browsers to unfamiliar domains shortly after opening a shared notebook
- Unexpected session cookie access or credential submission events originating from the SWISH origin
- New or modified notebook files in shared storage authored by low-trust accounts
Detection Strategies
- Scan stored SWISH notebooks for HTML tags, inline event handlers, and script URIs that should not appear in legitimate Prolog documentation cells
- Deploy a Content Security Policy (CSP) in report-only mode and review violation reports for unexpected script sources
- Correlate web server access logs with notebook edit timestamps to identify accounts staging suspicious content
- Monitor browser console errors and network anomalies during SWISH usage in enterprise deployments
Monitoring Recommendations
- Alert on file writes to the SWISH notebook storage directory that include HTML script markers
- Log and retain notebook diffs so security teams can review changes retroactively
- Track authentication events for the SWISH instance and correlate with notebook access patterns
- Enable browser telemetry from managed endpoints that access self-hosted SWISH instances
How to Mitigate CVE-2025-63848
Immediate Actions Required
- Restrict notebook creation and modification permissions to trusted users until an official patch is applied
- Isolate the SWISH instance behind authentication and remove anonymous write access to notebook storage
- Audit existing notebooks for HTML content, script tags, and event handlers before allowing user access
- Consider taking multi-user SWISH deployments offline if untrusted users can save notebooks
Patch Information
At the time of publication, refer to the SWI-Prolog GitHub repository for the latest SWISH release addressing CVE-2025-63848. Upgrade beyond version 2.2.0 once a fixed release is available. Verify integrity of any deployed patch against upstream release artifacts.
Workarounds
- Enforce a strict Content Security Policy that disallows inline scripts and restricts script sources to the SWISH origin
- Place SWISH behind a reverse proxy that strips or encodes HTML in notebook payloads
- Disable notebook sharing between users and operate SWISH as a single-user local tool where feasible
- Sanitize existing notebook storage by removing HTML fragments prior to rendering
# Example nginx configuration adding a restrictive CSP header for a SWISH reverse proxy
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

