CVE-2025-12330 is a Cross Site Scripting vulnerability identified in Willow CMS versions 1.0 through 1.4.0, specifically within the administrative interface at the /admin/articles/add endpoint. The vulnerability arises due to insufficient sanitization of user-supplied input in the 'title' and 'body' parameters when adding new posts. This allows an attacker with authenticated access to inject malicious JavaScript code that executes in the context of an administrator's browser session. The CVSS 4.0 vector indicates the attack can be launched remotely (AV:N) with low attack complexity (AC:L), but requires privileges (PR:H) and user interaction (UI:P). The impact on confidentiality is none, integrity is low, and availability is none, reflecting the medium severity rating of 4.8. Although no exploits have been observed in the wild, public proof-of-concept code exists, increasing the risk of exploitation. The vulnerability could enable attackers to hijack admin sessions, perform unauthorized actions, or steal sensitive information accessible to the admin user. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for interim mitigations.

For European organizations using Willow CMS, this vulnerability poses a risk primarily to administrative users who manage website content. Successful exploitation could lead to session hijacking, unauthorized content modification, or the injection of malicious content that affects site visitors. This can damage organizational reputation, lead to data breaches, or facilitate further attacks such as phishing. The requirement for authenticated access limits exposure but insider threats or compromised credentials could be leveraged by attackers. Organizations in sectors with high reliance on CMS platforms for public-facing content, such as media, education, and government, may face higher risks. Additionally, the presence of public exploit code increases the likelihood of opportunistic attacks. The impact on availability is minimal, but integrity and confidentiality of administrative functions are at risk, potentially affecting trust and compliance with data protection regulations like GDPR.

Organizations should monitor Willow CMS vendor communications for official patches and apply them promptly once available. Until patches are released, administrators should restrict access to the /admin/articles/add page using network-level controls such as IP whitelisting or VPN access. Implement strict input validation and sanitization on all user inputs, especially in administrative interfaces. Deploy Content Security Policy (CSP) headers to limit the execution of unauthorized scripts. Regularly audit user accounts and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of credential compromise. Educate administrators about the risks of XSS and the importance of cautious interaction with content inputs. Consider using web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting the affected parameters. Finally, monitor logs for unusual activity around the article addition functionality to detect potential exploitation attempts early.