The vulnerability CVE-2025-32502 affects lemmentwickler ePaper Lister for Yumpu (<= 1.4.0) and involves Cross-Site Request Forgery (CSRF) that enables stored Cross-Site Scripting (XSS). This means an attacker can trick an authenticated user into submitting a request that causes malicious scripts to be stored and executed in the context of the application. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation could allow attackers to execute stored XSS attacks via CSRF, potentially leading to unauthorized actions performed with the privileges of the victim user. This can compromise user data confidentiality and integrity, and affect application availability to a limited extent. The vulnerability affects all versions up to 1.4.0 of the product.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens and validating user requests. Monitoring for suspicious activity related to stored XSS may also help mitigate risk.