diff --git a/gems/sidekiq-cron/CVE-2025-67202.yml b/gems/sidekiq-cron/CVE-2025-67202.yml
new file mode 100644
index 0000000000..dcf9390d00
--- /dev/null
+++ b/gems/sidekiq-cron/CVE-2025-67202.yml
@@ -0,0 +1,23 @@
+---
+gem: sidekiq-cron
+cve: 2025-67202
+ghsa: xv9c-mjw8-79gf
+url: https://github.com/advisories/GHSA-xv9c-mjw8-79gf
+title: Sidekiq-cron is vulnerable to a cross-site scripting (xss)
+  vulnerability via crafted URL
+date: 2026-05-07
+description: |
+  Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq,
+  is vulnerable to a cross-site scripting (xss) vulnerability via crafted
+  URL being rended from cron.erb.
+cvss_v3: 6.1
+patched_versions:
+  - ">= 2.4.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-67202
+    - https://github.com/sidekiq-cron/sidekiq-cron/releases/tag/v2.4.0
+    - https://github.com/sidekiq-cron/sidekiq-cron/pull/568
+    - https://github.com/sidekiq-cron/sidekiq-cron/commit/7b4ae4822f93ef4646f5cb55500ca4e25662db7c
+    - https://github.com/sidekiq-cron/sidekiq-cron/issues/569
+    - https://github.com/advisories/GHSA-xv9c-mjw8-79gf
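Review bot: The `description` block does not tell an operator which surface is exposed — it names `cron.erb` but never says this is a template of the Sidekiq web UI, so a reader cannot tell whether the finding applies to workers that never mount the web interface; it also carries two typos ("thru", "rended") that will be shown verbatim by bundler-audit. I would reword the three lines to `Sidekiq-cron through 2.3.1, an open-source scheduling add-on for Sidekiq,` / `is vulnerable to cross-site scripting (XSS) via a crafted URL that is` / `rendered by the cron.erb web view; only deployments exposing the Sidekiq web UI are affected.`, with the last clause to be confirmed against the linked fix commit before landing. Independently, `date: 2026-05-07` sits a year after the CVE's 2025 identifier; that may be the true publication date, but it is worth checking against the GHSA record since an unquoted value here is parsed as a YAML date and feeds directly into the advisory's ordering.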