CVE-2025-22628 is a stored cross-site scripting (XSS) vulnerability identified in the FolioVision Filled In product, versions up to 1.9.2. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing malicious scripts to be stored and later executed in the context of users' browsers. Stored XSS is particularly dangerous because the malicious payload persists on the server and can affect multiple users without requiring repeated attacker interaction. The vulnerability does not specify the need for authentication, suggesting that attackers may exploit it without logging into the application. This can lead to theft of session cookies, defacement, or execution of arbitrary actions with the victim's privileges. Although no public exploits have been reported yet, the presence of this vulnerability in a widely used form-building tool could make it an attractive target for attackers aiming to compromise web applications that use Filled In for user input collection. The lack of a CVSS score indicates that the vulnerability is newly published and awaiting further analysis. The absence of patches at the time of publication means organizations must rely on interim mitigations such as input sanitization and CSP enforcement. The vulnerability highlights the importance of secure coding practices in web applications, especially those handling user-generated content.

The impact of CVE-2025-22628 can be significant for organizations using the Filled In product. Successful exploitation allows attackers to inject persistent malicious scripts that execute in the browsers of users visiting affected pages. This can lead to session hijacking, theft of sensitive information such as credentials or personal data, unauthorized actions performed on behalf of users, and potential spread of malware. For organizations, this can result in data breaches, reputational damage, regulatory penalties, and loss of user trust. Since Filled In is a form-building tool, the vulnerability could be exploited to compromise data collection processes or manipulate form submissions. The ease of exploitation without authentication increases the risk, especially for public-facing web applications. While no known exploits are currently active, the vulnerability's presence in a widely deployed product means the attack surface is broad, potentially affecting many organizations globally. The impact extends to both confidentiality and integrity of data, with possible secondary effects on availability if attackers leverage the vulnerability for further attacks.

To mitigate CVE-2025-22628, organizations should prioritize applying official patches from FolioVision as soon as they become available. In the interim, implement strict input validation and output encoding on all user-supplied data to prevent malicious scripts from being stored or rendered. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the risk of XSS exploitation. Review and harden web application firewalls (WAFs) to detect and block suspicious payloads targeting this vulnerability. Conduct thorough code audits focusing on input handling and sanitization in the Filled In integration points. Educate developers on secure coding practices related to XSS prevention. Additionally, monitor logs and user reports for unusual activity that may indicate exploitation attempts. If feasible, restrict or limit the exposure of the Filled In forms to trusted users or networks until patches are applied. Finally, maintain an incident response plan to quickly address any exploitation events.