
CVE-2025-10235: Cross Site Scripting in Scada-LTS

Severity: Medium
Type: Vulnerability
Published: Thu Sep 11 2025 (09/11/2025, 00:32:06 UTC)
Source: CVE Database V5
Product: Scada-LTS

Description

A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/11/2025, 01:00:37 UTC

Technical Analysis

CVE-2025-10235 is a cross-site scripting (XSS) vulnerability identified in Scada-LTS versions up to 2.7.8.1, specifically within the Reports Module component handling the /reports.shtm file. The vulnerability arises from improper sanitization or validation of the 'Colour' argument, which allows an attacker to inject malicious scripts that execute in the context of the victim's browser. This flaw can be exploited remotely without authentication, although it requires user interaction to trigger the malicious payload. The vulnerability has a CVSS 4.0 base score of 4.8, categorized as medium severity. The attack vector is network-based (remote), with low attack complexity, no privileges required, but user interaction is necessary. The impact primarily affects the integrity of the user session and potentially confidentiality if sensitive data is accessible via the injected script. The vendor was notified but did not respond, and no patches have been published yet. While no known exploits are reported in the wild, proof-of-concept code is available, increasing the risk of exploitation. Given that Scada-LTS is an open-source SCADA platform used for industrial control systems, this vulnerability could be leveraged to perform phishing, session hijacking, or deliver further payloads within critical infrastructure environments.

Potential Impact

For European organizations, especially those operating critical infrastructure such as energy, water, manufacturing, and transportation sectors that rely on SCADA systems, this vulnerability poses a tangible risk. Exploitation could lead to unauthorized script execution in operator consoles or management interfaces, potentially allowing attackers to manipulate displayed data, steal session tokens, or conduct social engineering attacks targeting system operators. While the vulnerability does not directly allow control system manipulation, the compromise of operator interfaces can facilitate further attacks or disrupt monitoring and reporting functions. The medium severity score reflects limited direct impact on availability or control system integrity but highlights the risk to confidentiality and integrity of user sessions. European organizations with deployments of Scada-LTS, particularly in countries with significant industrial automation adoption, may face increased exposure. The lack of vendor response and absence of patches exacerbate the risk, as organizations must rely on mitigations or workarounds until a fix is available.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement specific mitigations to reduce exposure. These include:

1) Restricting access to the /reports.shtm endpoint via network segmentation and firewall rules to limit exposure to trusted users and IP ranges only.
2) Employing web application firewalls (WAFs) with custom rules to detect and block malicious payloads targeting the 'Colour' parameter.
3) Encouraging operators to avoid clicking on suspicious links or interacting with untrusted content related to the reports module.
4) Implementing Content Security Policy (CSP) headers on the SCADA web interface to restrict script execution sources and mitigate XSS impact.
5) Monitoring logs for unusual requests or patterns targeting the vulnerable parameter.
6) Considering temporarily disabling or restricting the Reports Module if feasible until a patch is released.
7) Engaging with the vendor or community to track patch availability and applying updates promptly once released.

These targeted mitigations go beyond generic advice by focusing on controlling access, filtering inputs at the network and application layers, and reducing the attack surface in operational environments.
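The WAF and log-monitoring mitigations both depend on telling a normal Colour value from an abnormal one. The following Python is an added example, not code from Scada-LTS or from this advisory: it scans access-log lines for /reports.shtm requests whose Colour argument fails an allowlist. The allowlist (hex triplet or plain colour name), the common/combined log format and the sample lines are assumptions constructed for illustration; arguments sent in a POST body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate Colour value is a hex triplet or a plain colour name.
ALLOWED_COLOUR = re.compile(r"#?[0-9A-Fa-f]{3}|#?[0-9A-Fa-f]{6}|[A-Za-z]{1,20}")
# Client address and request target of a common/combined-format log entry.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_colour_requests(lines):
    """Return (client_ip, decoded_value) for every /reports.shtm request
    whose Colour argument does not fully match the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        # endswith() also covers deployments under a context path.
        if not url.path.lower().endswith("/reports.shtm"):
            continue
        # parse_qsl percent-decodes names and values before we inspect them.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() != "colour" or not value:
                continue
            if not ALLOWED_COLOUR.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Sep/2025:01:02:03 +0000] '
    '"GET /reports.shtm?Colour=%23FF0000 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [11/Sep/2025:01:05:10 +0000] '
    '"GET /reports.shtm?Colour=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '10.0.0.7 - - [11/Sep/2025:01:06:44 +0000] '
    '"GET /reports.shtm?colour=blue HTTP/1.1" 200 5120',
    '10.0.0.9 - - [11/Sep/2025:01:07:02 +0000] '
    '"GET /other.shtm?Colour=%22x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in suspicious_colour_requests(SAMPLE_LOG):
        print(f"review: {ip} sent Colour={value!r} to /reports.shtm")
```

The same allowlist expression can serve as the positive-match condition of a WAF rule on the Colour argument, which is more robust than trying to enumerate bad patterns.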


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-10T13:53:37.713Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c21bb612193b50d3025395

Added to database: 9/11/2025, 12:45:42 AM

Last enriched: 9/11/2025, 1:00:37 AM

Last updated: 9/11/2025, 2:43:21 AM
