CVE-2025-11884: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in OpenText™ uCMDB
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker who has high-level access to uCMDB to create or update data with malicious scripts. This issue affects uCMDB: 24.4.
AI Analysis
Technical Summary
CVE-2025-11884 is a stored Cross-site Scripting (XSS) vulnerability identified in OpenText uCMDB version 24.4. The root cause is improper neutralization of input during web page generation, classified under CWE-79. The vulnerability allows an attacker with at least low-level privileges within the uCMDB environment to create or update data containing malicious scripts; the data is stored and the script later executes in the browser of other users who view the affected records. Once the payload is stored, no further user interaction is needed to trigger it. The CVSS 4.0 vector indicates a network attack vector (AV:N), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability, giving an overall low severity score of 2.3. The impact is primarily on confidentiality, through potential session hijacking or unauthorized actions performed via the injected script. No public exploits or active exploitation have been reported yet. Only version 24.4 of uCMDB is listed as affected, and no patches have been linked yet, so vendor-provided fixes or workarounds are still needed. Because uCMDB is used for configuration management and IT asset tracking, exploitation could lead to unauthorized data exposure or manipulation within enterprise environments.
Potential Impact
For European organizations, the impact of CVE-2025-11884 can range from limited to moderate depending on the deployment context of OpenText uCMDB. Since uCMDB is often used in IT service management and configuration management databases, exploitation could allow attackers to inject malicious scripts that execute in the context of administrative or operational users. This could lead to session hijacking, unauthorized data access, or manipulation of configuration data, potentially disrupting IT operations or exposing sensitive information. Organizations in sectors with stringent regulatory requirements such as finance, healthcare, and critical infrastructure may face compliance risks if such vulnerabilities are exploited. The low CVSS score reflects the requirement for some level of privilege and high attack complexity, reducing the likelihood of widespread exploitation. However, the stored nature of the XSS means that once injected, the malicious payload can affect multiple users over time, increasing risk in environments with many users accessing uCMDB data. The absence of known exploits in the wild currently limits immediate risk but does not preclude future exploitation attempts.
Mitigation Recommendations
1. Restrict user privileges within uCMDB to the minimum necessary, especially limiting write or update permissions to trusted administrators only.
2. Implement strict input validation and output encoding on all user-supplied data fields within uCMDB to prevent injection of malicious scripts.
3. Monitor logs and audit trails for unusual data changes or script injections.
4. Apply vendor patches promptly once available; engage with OpenText support for any interim fixes or recommended configurations.
5. Use web application firewalls (WAFs) with custom rules to detect and block suspicious script payloads targeting uCMDB interfaces.
6. Educate administrators and users about the risks of stored XSS and encourage reporting of anomalous behavior.
7. Consider isolating uCMDB access to trusted networks and enforce multi-factor authentication to reduce the risk of compromised accounts.
8. Regularly review and update security policies related to configuration management tools to include XSS threat awareness.
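As an added illustration of recommendations 2 and 3 (not code from uCMDB or OpenText), the following Python contrasts unencoded and encoded rendering of a stored CI attribute and flags audit records whose values carry markup or script markers. The audit record layout, field names and values are constructed assumptions for the example.

```python
import html
import re

# Constructed audit-trail sample of CI attribute updates. The record layout,
# field names and values are assumptions for this example, not uCMDB's format.
AUDIT_UPDATES = [
    {"user": "ci_editor1", "ci": "host-0042", "attr": "description",
     "value": "Primary DB server, rack 7; cluster size 3 < 5 nodes"},
    {"user": "ci_editor2", "ci": "app-0007", "attr": "display_label",
     "value": "Billing <script>alert(1)</script>"},
    {"user": "ci_editor3", "ci": "net-0101", "attr": "notes",
     "value": '<b onmouseover="alert(1)">uplink</b>'},
    {"user": "ci_editor1", "ci": "host-0042", "attr": "owner",
     "value": "platform-ops"},
]

# Coarse markers of HTML markup or script in a stored value: a tag opener
# directly followed by a letter, an on*= event-handler attribute, or a
# javascript: URL. A heuristic to surface records for review, not to block.
SUSPICIOUS = re.compile(r"</?[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def flag_suspicious_updates(updates):
    """Return (user, ci, attr) for every update whose value carries markup/script markers."""
    return [(u["user"], u["ci"], u["attr"]) for u in updates if SUSPICIOUS.search(u["value"])]


def render_attribute_vulnerable(value: str) -> str:
    """CWE-79 pattern: the stored value is interpolated into markup unencoded."""
    return f"<td>{value}</td>"


def render_attribute_safe(value: str) -> str:
    """Contextual output encoding for an HTML text node: html.escape turns
    <, >, &, and quotes into entities, so stored markup is shown as text, not parsed."""
    return f"<td>{html.escape(value, quote=True)}</td>"


if __name__ == "__main__":
    for hit in flag_suspicious_updates(AUDIT_UPDATES):
        print("review:", hit)
    sample = AUDIT_UPDATES[1]["value"]
    print(render_attribute_vulnerable(sample))  # script tag reaches the browser intact
    print(render_attribute_safe(sample))        # &lt;script&gt;... displayed literally
```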
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: OpenText
- Date Reserved: 2025-10-16T17:50:24.435Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691e365f4e81ab18fb53789d
Added to database: 11/19/2025, 9:27:59 PM
Last enriched: 11/19/2025, 9:38:13 PM
Last updated: 11/19/2025, 10:33:13 PM