This vulnerability (CVE-2025-24656) affects Realtyna Provisioning (versions <= 1.2.2) and involves improper neutralization of input during web page generation, resulting in a reflected Cross-site Scripting (XSS) issue. The CVSS v3.1 base score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. The vulnerability allows an attacker to inject malicious scripts that execute in the victim's browser when they visit a crafted URL or page. No patch or vendor advisory is currently provided to confirm remediation status.

Successful exploitation of this reflected XSS vulnerability can lead to execution of arbitrary scripts in the context of the victim's browser, potentially resulting in theft of user credentials, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability to a limited extent. The CVSS score of 7.1 reflects these impacts. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when interacting with untrusted inputs or URLs related to Realtyna Provisioning. Implementing web application firewall (WAF) rules to detect and block reflected XSS attempts may provide temporary mitigation.