The vulnerability identified as CVE-2025-25140 affects the Scriptonite Simple User Profile plugin through version 1.9. It is a Cross-Site Request Forgery (CSRF) issue that enables an attacker to execute stored cross-site scripting (XSS) attacks by tricking authenticated users into submitting unauthorized requests. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation of this vulnerability could allow attackers to perform actions on behalf of authenticated users without their consent, leading to stored XSS attacks. This can result in the execution of malicious scripts in the context of the affected application, potentially compromising user data and session integrity. The impact is rated high based on the CVSS score, but no known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens and validating user requests. Monitoring for updates from the vendor is recommended to apply any forthcoming patches promptly.