CVE-2025-28244: n/a
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
AI Analysis
Technical Summary
CVE-2025-28244 is a high-severity vulnerability affecting Alteryx Server version 2023.1.1.460. The vulnerability arises from insecure permissions set on the local storage used by the application, specifically allowing remote attackers to access valid user session tokens stored in the browser's localStorage. Because session tokens are critical for maintaining authenticated sessions, unauthorized access to these tokens enables attackers to perform account takeover attacks without needing valid credentials. The vulnerability is classified under CWE-922, which relates to improper permissions on critical resources. The CVSS v3.1 base score is 8.8, indicating a high impact with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This means the attack can be performed remotely over the network with low attack complexity, requires no privileges, but does require user interaction (such as clicking a malicious link). The scope is unchanged, but the impact on confidentiality, integrity, and availability is high, as attackers can fully compromise user accounts and potentially disrupt services. No patches or exploits in the wild are currently reported, but the vulnerability's nature makes it a significant risk, especially in environments where Alteryx Server is used for sensitive data analytics and workflows. The lack of affected version details beyond 2023.1.1.460 suggests the issue is specific to this release or similar builds. The vulnerability highlights the risk of improper client-side storage permissions, which can expose session tokens to cross-site scripting (XSS) or other remote code execution vectors, facilitating session hijacking and privilege escalation.
Potential Impact
For European organizations using Alteryx Server 2023.1.1.460, this vulnerability poses a critical risk to data confidentiality and operational integrity. Alteryx Server is widely used for data analytics, business intelligence, and workflow automation, often handling sensitive corporate and personal data. An attacker exploiting this vulnerability could hijack user sessions, gaining unauthorized access to sensitive analytics dashboards, data pipelines, and potentially confidential business information. This could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), and significant reputational damage. Additionally, attackers could manipulate or disrupt data workflows, impacting business continuity. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger exploitation, increasing the risk in environments with less mature security awareness. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score underscores the urgency for European organizations to address this vulnerability promptly.
Mitigation Recommendations
1. Immediate mitigation should involve restricting or disabling localStorage usage for session tokens in Alteryx Server, replacing it with more secure storage mechanisms such as HttpOnly, Secure cookies that are inaccessible to client-side scripts.
2. Implement Content Security Policy (CSP) headers to reduce the risk of XSS attacks that could exploit this vulnerability.
3. Conduct thorough security reviews and penetration testing focused on client-side storage and session management in Alteryx Server deployments.
4. Educate users on phishing risks and enforce multi-factor authentication (MFA) to reduce the impact of session token theft.
5. Monitor network traffic and user sessions for anomalous activity indicative of session hijacking.
6. Engage with Alteryx support or security advisories to obtain patches or updates addressing this vulnerability as soon as they become available.
7. Apply strict access controls and network segmentation to limit exposure of Alteryx Server instances.
8. Regularly audit and update browser security settings and extensions to minimize attack surface related to localStorage exploitation.
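Recommendations 1 and 2 above describe the server-side fix for this class of issue: keep the session token out of localStorage, issue it as an HttpOnly/Secure/SameSite cookie that page scripts cannot read, and restrict script sources with CSP. The following is an added illustration, not Alteryx code and not taken from the advisory; the cookie name `session`, the header builders and the audit helper are assumptions chosen for the example. The audit function is the piece a defender would run against a deployment's own `Set-Cookie` responses to confirm the hardening flags are present.

```javascript
// Added example (not Alteryx Server code): hardened session-cookie issuance,
// a Set-Cookie audit helper, and a restrictive CSP header, covering
// mitigations 1 and 2. The cookie name "session" is an assumption.

// Flags a session cookie must carry so that client-side script cannot read it
// (HttpOnly), it never travels over plaintext HTTP (Secure) and browsers do not
// attach it to cross-site requests (SameSite=Strict).
const REQUIRED_COOKIE_FLAGS = ['HttpOnly', 'Secure', 'SameSite=Strict'];

// Build the Set-Cookie header value for a session token. Path=/ scopes it to
// the whole application; Max-Age bounds the lifetime in the browser (the server
// must enforce the same expiry on its side).
function buildSessionCookie(token, maxAgeSeconds = 3600) {
  if (!/^[A-Za-z0-9_-]+$/.test(token)) {
    throw new Error('token must be URL-safe (base64url or hex)');
  }
  return [
    `session=${token}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    ...REQUIRED_COOKIE_FLAGS,
  ].join('; ');
}

// Parse a Set-Cookie header into its name/value pair and a lower-cased
// attribute map. Attributes without a value (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  const attributes = {};
  for (const attr of attrs) {
    if (attr === '') continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name, value, attributes };
}

// Audit a session cookie's Set-Cookie header. Returns the list of missing
// hardening flags; an empty list means the cookie is unreadable by script,
// HTTPS-only and not sent cross-site.
function auditSessionCookie(header) {
  const { attributes } = parseSetCookie(header);
  const missing = [];
  if (attributes.httponly !== true) missing.push('HttpOnly');
  if (attributes.secure !== true) missing.push('Secure');
  const sameSite =
    typeof attributes.samesite === 'string' ? attributes.samesite.toLowerCase() : '';
  if (sameSite !== 'strict' && sameSite !== 'lax') missing.push('SameSite=Strict|Lax');
  return missing;
}

// A restrictive Content-Security-Policy: only same-origin script plus inline
// script carrying the per-response nonce may run, which removes the injected
// script path by which a token in storage would be read. Sources are an
// assumption; widen them only for origins the deployment actually uses.
function buildCspHeader(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'none'",
  ].join('; ');
}

// Usage: on login, send both headers with the response.
//   res.setHeader('Set-Cookie', buildSessionCookie(token));
//   res.setHeader('Content-Security-Policy', buildCspHeader(nonce));
// In a review, run auditSessionCookie() over captured Set-Cookie headers.
```

The audit deliberately accepts `SameSite=Lax` as well as `Strict`, since either prevents the cookie from riding along on cross-site requests; the builder itself emits `Strict`. A token that is only ever held in an HttpOnly cookie cannot be read through `localStorage` or `document.cookie`, so a script-injection flaw no longer translates directly into account takeover.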
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68700df3a83201eaaca957cd
Added to database: 7/10/2025, 7:01:07 PM
Last enriched: 7/17/2025, 9:11:41 PM
Last updated: 8/15/2025, 4:38:43 PM
Views: 20