CVE-2025-30190 is a cross-site scripting (XSS) vulnerability identified in the Open-Xchange GmbH OX App Suite, a collaborative office and communication platform widely used in enterprise environments. The vulnerability stems from improper neutralization of input during the generation of web pages, specifically when users edit office documents within the suite. Maliciously crafted content embedded in office documents can inject script code that executes in the context of the user's browser session. This enables attackers to perform actions as the authenticated user, including exfiltrating sensitive information such as emails, contacts, or calendar data. The vulnerability requires user interaction—namely editing a malicious document—and does not require prior authentication, making it accessible to remote attackers who can trick users into opening or editing compromised documents. The CVSS v3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction, and limited impact on confidentiality and integrity without availability impact. No known public exploits exist at this time, but the risk remains significant due to the potential for targeted phishing or social engineering campaigns. The vendor has released patches and updates, which organizations are urged to deploy promptly to mitigate exploitation risk. The vulnerability highlights the importance of input validation and output encoding in web applications that handle rich document content.

For European organizations, the impact of CVE-2025-30190 centers on the confidentiality and integrity of sensitive corporate data managed within the OX App Suite. Successful exploitation could lead to unauthorized disclosure of emails, contacts, and calendar information, potentially exposing business secrets or personal data protected under GDPR. The ability to execute scripts in the user's context may also allow attackers to perform actions on behalf of the user, such as sending fraudulent communications or manipulating data. While availability is not affected, the breach of confidentiality and integrity can undermine trust and lead to regulatory penalties. Organizations in sectors with high data sensitivity—such as finance, healthcare, and government—face elevated risks. The requirement for user interaction means that phishing or social engineering remains the primary attack vector, which is a common threat vector in Europe. Given the widespread use of OX App Suite in European enterprises and service providers, the vulnerability could be leveraged in targeted attacks against strategic organizations.

Organizations should immediately apply the official patches and updates provided by Open-Xchange GmbH once available to remediate the vulnerability. In parallel, implement strict input validation and output encoding controls on any custom integrations or extensions interacting with OX App Suite documents. Enhance user awareness training focused on phishing and social engineering to reduce the likelihood of users editing malicious documents. Deploy web application firewalls (WAFs) with rules designed to detect and block suspicious script injection attempts targeting OX App Suite endpoints. Monitor logs for unusual document editing activities or anomalous script execution patterns. Consider isolating document editing environments or restricting document types that can be edited within the suite. Regularly review and update security policies governing document handling and collaboration tools. Finally, maintain an incident response plan that includes procedures for addressing potential XSS exploitation scenarios.