CVE-2025-28245: n/a

Medium
Published: Thu Jul 10 2025 (07/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.

AI-Powered Analysis

Last updated: 07/17/2025, 21:01:11 UTC

Technical Analysis

CVE-2025-28245 is a cross-site scripting (XSS) vulnerability identified in Alteryx Server version 2023.1.1.460. It allows remote attackers to inject arbitrary web script or HTML through the notification body. XSS vulnerabilities occur when an application includes untrusted data in a web page without proper validation or escaping, enabling attackers to execute malicious scripts in the context of the victim's browser. In this case, the injection point is the notification body, which is likely rendered in the user interface of Alteryx Server. The CVSS 3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) shows that the attack can be performed remotely over the network with low complexity and without privileges, requires user interaction (such as clicking a crafted notification), and has a low impact on confidentiality and integrity and none on availability, with a scope change. The vulnerability is classified under CWE-79, which is the standard identifier for XSS issues. No known exploits are currently reported in the wild, and no patches or mitigations have been linked yet. The vulnerability could allow attackers to steal session tokens, perform actions on behalf of users, or manipulate displayed content, potentially leading to further compromise of user accounts or data leakage within the Alteryx Server environment.

Potential Impact

For European organizations using Alteryx Server 2023.1.1.460, this vulnerability poses a risk primarily to the confidentiality and integrity of data processed or visualized through the platform. Alteryx Server is widely used for data analytics and workflow automation, often handling sensitive business intelligence and operational data. Exploitation could allow attackers to execute malicious scripts in the context of authenticated users, potentially leading to session hijacking, unauthorized data access, or manipulation of analytics results. This could undermine trust in data integrity and confidentiality, disrupt business processes, and expose organizations to regulatory compliance risks under GDPR if personal or sensitive data is involved. The requirement for user interaction means phishing or social engineering tactics might be used to trigger the exploit. While availability is not directly impacted, the indirect consequences of data manipulation or unauthorized access could have operational and reputational effects. Given the medium severity and lack of known exploits, the immediate risk is moderate but should be addressed promptly to prevent escalation.

Mitigation Recommendations

European organizations should implement the following specific mitigation steps:

1) Immediately review and monitor any notifications generated by Alteryx Server for suspicious or unexpected content, especially those containing HTML or script-like elements.
2) Restrict or sanitize user input that can influence notification content, applying strict input validation and output encoding to neutralize potential script injections.
3) Educate users about the risk of interacting with unexpected or suspicious notifications to reduce the likelihood of successful user interaction exploitation.
4) Deploy web application firewalls (WAF) with rules targeting XSS attack patterns on the Alteryx Server interface.
5) Monitor logs for unusual activity or repeated attempts to inject scripts via notifications.
6) Engage with Alteryx support or vendor channels to obtain patches or updates as soon as they become available, and plan for rapid deployment.
7) Consider isolating Alteryx Server access to trusted networks and users to reduce exposure.
8) Implement Content Security Policy (CSP) headers if possible to restrict script execution contexts within the application.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-11T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68700df4a83201eaaca957d1

Added to database: 7/10/2025, 7:01:08 PM

Last enriched: 7/17/2025, 9:01:11 PM

Last updated: 8/15/2025, 3:52:20 PM
