CVE-2025-28380: n/a
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
AI Analysis
Technical Summary
CVE-2025-28380 is a cross-site scripting (XSS) vulnerability identified in OpenC3 COSMOS version 6.0.0. This vulnerability arises from insufficient input validation or output encoding of URL parameters, allowing an attacker to inject crafted malicious scripts or HTML code into the URL parameter. When a victim user accesses a manipulated URL containing the malicious payload, the injected script executes within the context of the victim's browser session. This can lead to unauthorized actions such as session hijacking, cookie theft, defacement, or redirection to malicious sites. The vulnerability specifically targets the web interface of OpenC3 COSMOS, a software platform used for command and control operations, which suggests that the affected component is a web application handling URL parameters without proper sanitization. No affected versions beyond 6.0.0 are specified, and no patches or known exploits in the wild have been reported as of the publication date (June 13, 2025). The absence of a CVSS score indicates that the vulnerability has not yet been fully assessed for severity, but the technical nature of XSS vulnerabilities is well understood. Exploitation does not require authentication or user privileges but does require user interaction in the form of clicking or visiting a maliciously crafted URL. The impact primarily affects confidentiality and integrity of user sessions and data within the affected web application environment.
Potential Impact
For European organizations using OpenC3 COSMOS v6.0.0, this XSS vulnerability poses risks primarily to the confidentiality and integrity of their web-based command and control operations. Successful exploitation could allow attackers to impersonate legitimate users, steal session tokens, or manipulate displayed content, potentially leading to unauthorized access to or manipulation of sensitive operational data. Given OpenC3 COSMOS's role in command and control, such compromises could disrupt mission-critical workflows or lead to data leakage. While the availability impact is limited, the reputational damage and operational disruption could be significant, especially for organizations in sectors such as defense, aerospace, or critical infrastructure that rely on OpenC3 COSMOS. The lack of known exploits suggests that active exploitation is currently limited, but the vulnerability's public disclosure increases the risk of future exploitation attempts. European organizations with web-facing OpenC3 COSMOS interfaces are particularly exposed if users can be tricked into clicking malicious URLs, which underlines the need for awareness and mitigation.
Mitigation Recommendations
1. Implement input validation and output encoding on all URL parameters within the OpenC3 COSMOS web interface immediately, so that injected scripts are neutralized before they reach the page.
2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context.
3. Conduct thorough code reviews and penetration testing focused on injection points in the web application to identify and remediate similar vulnerabilities.
4. Educate users and administrators about the risks of clicking on untrusted links, and implement email/web filtering to detect and block malicious URLs targeting this vulnerability.
5. Where possible, isolate the OpenC3 COSMOS web interface behind VPNs or access control mechanisms to reduce exposure to external attackers.
6. Monitor web server and application logs for suspicious URL parameter usage indicative of attempted exploitation.
7. Engage with the vendor or development team to obtain or request a security patch or update addressing this vulnerability.
8. Consider deploying web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting the affected parameters.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 684c28eba8c9212743808660
Added to database: 6/13/2025, 1:34:35 PM
Last enriched: 6/13/2025, 1:49:26 PM
Last updated: 8/9/2025, 2:46:56 PM