CVE-2025-12761 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Drupal Simple multi step form module versions prior to 2.0.0. The vulnerability stems from improper neutralization of user-supplied input during web page generation, which allows an attacker to inject malicious scripts into web pages viewed by other users. This flaw requires the attacker to have authenticated access (PR:H) and user interaction (UI:R) to exploit, indicating that the attacker must be logged in and trick a user into triggering the malicious payload. The attack vector is network-based (AV:N), and the attack complexity is low (AC:L), meaning that once the attacker has the necessary privileges, exploitation is straightforward. The vulnerability impacts confidentiality and integrity by potentially exposing sensitive session information or enabling unauthorized actions through script execution, but it does not affect system availability. The CVSS v3.1 base score is 3.5, reflecting its low severity. No public exploits have been reported yet, and no patches are linked in the provided data, but upgrading to version 2.0.0 or later is implied to resolve the issue. The vulnerability is particularly relevant for organizations running Drupal websites with the Simple multi step form module, especially where authenticated user input is common.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of web applications using the affected Drupal module. Attackers could exploit this XSS flaw to hijack user sessions, steal sensitive information, or conduct phishing attacks targeting authenticated users. While the impact on availability is negligible, the breach of confidentiality and integrity can lead to reputational damage, regulatory non-compliance (e.g., GDPR), and potential financial losses. Organizations relying on Drupal for critical web services, especially those handling personal data or financial transactions, are at higher risk. The requirement for authenticated access limits the attack surface but does not eliminate risk, as insider threats or compromised accounts could be leveraged. The lack of known exploits in the wild suggests a window of opportunity for proactive mitigation before widespread attacks occur.

1. Upgrade the Simple multi step form module to version 2.0.0 or later as soon as it becomes available to ensure the vulnerability is patched. 2. Implement strict input validation and output encoding on all user-supplied data within the module to prevent script injection. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser. 4. Monitor authenticated user activities for unusual behavior that could indicate exploitation attempts. 5. Conduct regular security audits and code reviews focusing on input handling in custom Drupal modules. 6. Educate users about phishing and social engineering tactics that could facilitate exploitation requiring user interaction. 7. Limit user privileges to the minimum necessary to reduce the risk posed by compromised accounts. 8. Use web application firewalls (WAFs) configured to detect and block XSS attack patterns targeting Drupal modules.