The vulnerability identified as CVE-2025-23693 affects uosiu Secure CAPTCHA versions up to 1.2. It is a CSRF vulnerability that enables stored XSS attacks, potentially allowing an attacker to inject malicious scripts that persist within the application. The CVSS 3.1 vector indicates the attack can be performed remotely over the network without privileges, requires user interaction, and impacts confidentiality, integrity, and availability at a low to low-medium level. No known exploits are reported in the wild, and no vendor patch or advisory is currently available.

Successful exploitation of this vulnerability could allow an attacker to execute stored XSS attacks by leveraging CSRF, potentially leading to unauthorized actions performed on behalf of users, data manipulation, or session hijacking. The impact affects confidentiality, integrity, and availability, though the exact consequences depend on the deployment context and usage of the Secure CAPTCHA component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing additional CSRF protections and input validation controls around the Secure CAPTCHA component to mitigate potential exploitation. Monitor vendor channels for updates and apply patches promptly once available.