CVE-2025-22491: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Eaton Foreseer Reporting Software (FRS)
User input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to the execution of arbitrary JavaScript in a browser context for all interacting users. This security issue has been patched in the latest version, 1.5.100, of FRS.
AI Analysis
Technical Summary
CVE-2025-22491 is a Cross-site Scripting (XSS) vulnerability, classified under CWE-79, affecting Eaton's Foreseer Reporting Software (FRS). It arises from improper neutralization of user input on the Reporting Hierarchy Management page: input is not sanitized before being rendered into the generated web page. An attacker with high privileges can therefore inject arbitrary JavaScript that executes in the browsers of other users who interact with the affected page. Exploitation requires local access with high privileges (CVSS vector AV:L/PR:H), and no user interaction is required for the injected script to execute once it is stored. Confidentiality, integrity, and availability are all affected, since the injected script can steal session information, manipulate displayed data, or perform unauthorized actions on behalf of users. The issue is fixed in version 1.5.100 of the software. No exploits are currently reported in the wild. The CVSS v3.1 base score is 6.7 (medium), reflecting the high privileges required and the local attack vector. Eaton Foreseer Reporting Software is used for operational and reporting purposes, often in industrial or enterprise environments, so the vulnerability is relevant to organizations that rely on the product for critical reporting functions.
Potential Impact
For European organizations using Eaton Foreseer Reporting Software, this vulnerability poses a risk of unauthorized script execution within the context of the application, potentially leading to data leakage, session hijacking, or manipulation of reporting data. Given that the vulnerability requires high privileges and local access, the primary risk is insider threat or compromised privileged accounts. However, successful exploitation could undermine trust in reporting accuracy and confidentiality, impacting decision-making processes and regulatory compliance, especially in sectors like manufacturing, energy, or critical infrastructure where Eaton products are prevalent. The vulnerability could also facilitate lateral movement within networks if attackers leverage injected scripts to escalate privileges or pivot to other systems. The absence of known exploits reduces immediate risk, but the presence of a patch necessitates prompt remediation to prevent future exploitation.
Mitigation Recommendations
European organizations should prioritize upgrading Eaton Foreseer Reporting Software to version 1.5.100 or later, where the vulnerability is patched. Until the update is applied, restrict access to the Reporting Hierarchy Management page to trusted, high-privilege users and monitor for unusual activity indicative of attempted exploitation. Where possible, implement strict input validation and context-appropriate output encoding at the application layer to mitigate injection risks. Employ network segmentation and least-privilege principles to limit the impact of compromised accounts. Regularly audit user privileges and access logs for anomalies. Educate privileged users about the risks of XSS and the importance of safeguarding credentials. Deploy web application firewalls (WAFs) with custom rules to detect and block suspicious script injections targeting the affected page. Finally, maintain an incident response plan tailored to web application attacks so that any exploitation attempt can be addressed quickly.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden
Technical Details
Data Version: 5.1
Assigner Short Name: Eaton
Date Reserved: 2025-01-07T09:41:16.733Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 68ad8d4dad5a09ad005730d5
Added to database: 8/26/2025, 10:32:45 AM
Last enriched: 8/26/2025, 10:47:55 AM
Last updated: 8/26/2025, 12:32:08 PM
Related Threats
CVE-2025-55526: n/a (severity: Unknown)
CVE-2025-9482: Stack-based Buffer Overflow in Linksys RE6250 (severity: High)
CVE-2025-9481: Stack-based Buffer Overflow in Linksys RE6250 (severity: High)
CVE-2025-50753: n/a (severity: Critical)
CVE-2025-8424: CWE-1284 Improper Validation of Specified Quantity in Input in NetScaler ADC (severity: High)