CVE-2025-30940 is a medium severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Melipayamak product up to version 2.2.12. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. Specifically, Melipayamak fails to adequately sanitize or encode user-supplied input before rendering it in web pages, allowing attackers to inject malicious scripts that persist on the server and execute in the browsers of users who view the affected pages. The CVSS 3.1 base score is 5.9, reflecting a network attack vector (AV:N), low attack complexity (AC:L), but requiring high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects components beyond the initially vulnerable component. The impact metrics indicate low confidentiality, integrity, and availability impacts (C:L/I:L/A:L), consistent with typical Stored XSS effects such as session hijacking, defacement, or phishing. No known exploits are currently reported in the wild, and no patches have been linked yet. Melipayamak is a messaging platform, often used for SMS and communication services, which may be integrated into various organizational workflows. The vulnerability could allow attackers with elevated privileges to inject persistent scripts that compromise user sessions or steal sensitive data when users interact with the affected web interface.

For European organizations using Melipayamak, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data accessed through the platform's web interface. Attackers exploiting this Stored XSS could execute arbitrary JavaScript in the context of legitimate users, potentially leading to session hijacking, unauthorized actions, or phishing attacks within the organization's communication systems. This could disrupt business communications, leak sensitive information, or facilitate further attacks within the network. Given the requirement for high privileges to exploit, the threat is more relevant to insider threats or attackers who have already gained elevated access. However, the changed scope indicates that the impact could extend beyond the immediate component, potentially affecting integrated systems or users across organizational boundaries. The medium severity suggests that while the vulnerability is not critical, it should be addressed promptly to prevent exploitation, especially in sectors handling sensitive communications such as finance, healthcare, or government agencies within Europe.

1. Implement strict input validation and output encoding on all user-supplied data rendered in the web interface to prevent injection of malicious scripts. Use context-aware encoding libraries that handle HTML, JavaScript, and URL contexts appropriately. 2. Apply the principle of least privilege to restrict user permissions, minimizing the number of users with high privileges capable of exploiting this vulnerability. 3. Monitor and audit logs for unusual activities or script injections in the Melipayamak platform to detect potential exploitation attempts early. 4. Segregate the Melipayamak system from critical internal networks to limit lateral movement if exploitation occurs. 5. Engage with the vendor or community to obtain patches or updates addressing this vulnerability as soon as they become available, and prioritize timely deployment. 6. Educate users about the risks of clicking suspicious links or executing unexpected scripts, as user interaction is required for exploitation. 7. Consider implementing Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context.