CVE-2025-30087 is a cross-site scripting (XSS) vulnerability classified under CWE-79 that affects Best Practical RT (Request Tracker) versions 4.4.0 through 4.4.7 and 5.0.0 through 5.0.7. The vulnerability stems from improper neutralization of user-supplied input during web page generation, specifically via crafted parameters embedded in search URLs. When an attacker crafts a malicious URL containing executable script code within these parameters, the RT application fails to sanitize or encode this input properly before rendering it in the browser. This allows the injected script to execute in the context of the victim's browser session. The vulnerability is remotely exploitable over the network without requiring authentication or any user interaction, increasing its risk profile. The CVSS v3.1 base score is 7.2, reflecting high severity due to its low attack complexity, no privileges required, and the potential for confidentiality and integrity impacts, such as session hijacking, data theft, or unauthorized actions performed on behalf of the user. The scope is marked as changed, indicating that the vulnerability affects components beyond the initially vulnerable module, potentially impacting the entire RT web interface. No public exploits have been reported yet, but the presence of this vulnerability in widely used RT versions means that threat actors could develop exploits. The lack of available patches at the time of publication necessitates immediate attention to mitigation strategies. RT is a popular open-source ticketing system used by many organizations for managing IT service requests, incident tracking, and customer support, making this vulnerability particularly relevant for enterprises relying on RT for critical workflows.

For European organizations, the impact of CVE-2025-30087 can be significant, especially for those using Best Practical RT as a core component of their IT service management or customer support infrastructure. Successful exploitation could lead to unauthorized disclosure of sensitive information, including ticket contents and user session data, compromising confidentiality. Attackers could also manipulate ticket data or perform actions on behalf of legitimate users, affecting data integrity. While availability is not directly impacted, the trustworthiness and reliability of the RT system could be undermined, potentially disrupting support operations. Given that RT is often integrated with other internal systems, a compromise could facilitate lateral movement or further exploitation within an organization's network. European organizations in sectors such as finance, healthcare, government, and critical infrastructure, where RT is used, face increased risk due to the sensitivity of the data handled. Additionally, compliance with GDPR and other data protection regulations means that exploitation could result in regulatory penalties and reputational damage. The vulnerability's remote and unauthenticated nature increases the likelihood of exploitation attempts, making timely mitigation critical.

To mitigate CVE-2025-30087 effectively, European organizations should implement the following specific measures: 1) Immediately review and restrict access to RT instances, limiting exposure to trusted networks or VPNs to reduce attack surface. 2) Employ web application firewalls (WAFs) with custom rules to detect and block malicious payloads in search URL parameters, focusing on typical XSS attack patterns. 3) Implement strict input validation and output encoding on all user-supplied data within RT, particularly for search parameters, to prevent script injection. 4) Monitor RT logs for unusual or suspicious URL requests that may indicate exploitation attempts. 5) Engage with Best Practical for patches or security updates and apply them promptly once available. 6) Educate users and administrators about the risks of clicking on untrusted links related to RT and encourage cautious handling of URLs. 7) Consider deploying Content Security Policy (CSP) headers to restrict script execution sources within RT web pages. 8) Conduct penetration testing and vulnerability scanning focused on RT environments to identify and remediate similar injection flaws. These targeted actions go beyond generic advice and address the specific nature of this XSS vulnerability in RT.