CVE-2025-41104: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Fairsketch RISE CRM Framework
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to a lack of proper validation of user input, triggered by sending a POST request with the parameter 'custom_field_1' to '/estimate_requests/save_estimate_request'.
AI Analysis
Technical Summary
CVE-2025-41104 is a Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting Fairsketch's RISE CRM Framework versions prior to 3.9. The vulnerability is caused by improper neutralization of user-supplied input during web page generation, specifically in the 'custom_field_1' parameter of the '/estimate_requests/save_estimate_request' endpoint. When an attacker sends a crafted POST request with HTML or JavaScript in this parameter, the application neither validates nor sanitizes the input, so the markup is emitted unencoded into the generated web page. This allows attackers to execute arbitrary scripts in the context of the victim's browser session, potentially leading to session hijacking, credential theft, unauthorized actions on behalf of the user, or the delivery of further malicious payloads. The vulnerability does not require authentication but does require user interaction (e.g., the victim visiting a malicious link or submitting a crafted form). The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required and user interaction needed, with no direct impact on the availability, confidentiality or integrity of the vulnerable system but a limited impact in scope. No public exploits have been reported yet, but the medium severity rating suggests it should be addressed promptly. The vulnerability was assigned by INCIBE and published on November 11, 2025. Given that CRM systems handle sensitive customer and business data, exploitation could have significant consequences.
Potential Impact
For European organizations, exploitation of this XSS vulnerability in the RISE CRM Framework could lead to unauthorized access to sensitive customer data, session hijacking, and manipulation of CRM functionalities. This can result in data breaches, loss of customer trust, regulatory penalties under GDPR, and potential financial losses. Since CRM systems are often integrated with other business-critical applications, the compromise could cascade, affecting broader enterprise operations. The medium CVSS score reflects moderate risk, but the impact on confidentiality and integrity is notable, especially in sectors such as finance, healthcare, and manufacturing where CRM data is highly sensitive. Additionally, the requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability, increasing the risk of targeted attacks against European enterprises. The absence of known exploits currently provides a window for proactive mitigation before widespread exploitation occurs.
Mitigation Recommendations
European organizations using Fairsketch RISE CRM Framework should immediately upgrade to version 3.9 or later where this vulnerability is fixed. If upgrading is not immediately feasible, implement strict input validation and sanitization on the 'custom_field_1' parameter to neutralize HTML and script content. Employ contextual output encoding to prevent injected scripts from executing in the browser. Deploy Web Application Firewalls (WAFs) with custom rules to detect and block malicious payloads targeting this endpoint. Conduct regular security audits and penetration testing focusing on input handling in CRM modules. Educate users about phishing risks to reduce the likelihood of successful social engineering attacks exploiting this vulnerability. Monitor logs for unusual POST requests to '/estimate_requests/save_estimate_request' and anomalous user behavior indicative of exploitation attempts. Finally, ensure incident response plans include procedures for handling XSS attacks and potential data breaches.
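The output-encoding and log-monitoring recommendations above, as an added Python example that is not part of this advisory or of RISE CRM's own code base. The JSON request-log format, the sample records and the `flag_requests`/`render_custom_field` helpers are constructed for the demonstration; only the endpoint and parameter names come from the advisory.

```python
import html
import json
import re

# Endpoint and parameter named in the advisory.
ENDPOINT = "/estimate_requests/save_estimate_request"
PARAM = "custom_field_1"

# Markup that has no business in a free-text custom field: any tag, an
# inline event-handler attribute, or a javascript: URL. Deliberately broad;
# tune against your own false-positive rate.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.I)
JS_URL_RE = re.compile(r"javascript\s*:", re.I)


def is_suspicious(value: str) -> bool:
    """True if a submitted custom field value contains markup or script hooks."""
    return bool(TAG_RE.search(value) or HANDLER_RE.search(value) or JS_URL_RE.search(value))


def flag_requests(log_lines):
    """Return (src_ip, value) for POSTs to the endpoint whose custom_field_1 looks like markup.

    Assumes a hypothetical application log with one JSON object per line that
    records the decoded POST body (web-server access logs usually do not).
    """
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or rec.get("path") != ENDPOINT:
            continue
        value = rec.get("body", {}).get(PARAM, "")
        if is_suspicious(value):
            hits.append((rec.get("src_ip"), value))
    return hits


def render_custom_field(value: str) -> str:
    """Contextual output encoding for an HTML text node: the fix the advisory asks for."""
    return "<td>" + html.escape(value, quote=True) + "</td>"


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    json.dumps({"src_ip": "203.0.113.5", "method": "POST", "path": ENDPOINT,
                "body": {PARAM: "Need a quote for 200 units"}}),
    json.dumps({"src_ip": "198.51.100.7", "method": "POST", "path": ENDPOINT,
                "body": {PARAM: "<script>alert(1)</script>"}}),
    json.dumps({"src_ip": "198.51.100.9", "method": "POST", "path": ENDPOINT,
                "body": {PARAM: "<b>urgent</b> order"}}),
    json.dumps({"src_ip": "192.0.2.3", "method": "GET", "path": "/estimate_requests", "body": {}}),
]

if __name__ == "__main__":
    for ip, val in flag_requests(SAMPLE_LOG):
        print(f"ALERT {ip}: stored safely as {render_custom_field(val)}")
```

The detector is a log-review aid, not a substitute for the upgrade: encoding at output time is what actually stops the injected markup from executing.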
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: INCIBE
- Date Reserved: 2025-04-16T09:09:37.997Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69132c9785a5d1234f7108f2
Added to database: 11/11/2025, 12:31:19 PM
Last enriched: 11/11/2025, 12:32:16 PM
Last updated: 11/11/2025, 5:16:46 PM
Related Threats
- CVE-2025-35972: Escalation of Privilege in Intel MPI Library (Medium)
- CVE-2025-35971: Denial of Service in Intel(R) PROSet/Wireless WiFi Software for Windows (High)
- CVE-2025-35968: Escalation of Privilege in Slim Bootloader (High)
- CVE-2025-35967: Denial of Service in Intel(R) PROSet/Wireless WiFi Software for Windows (High)
- CVE-2025-35963: Denial of Service in Intel(R) PROSet/Wireless WiFi Software for Windows (High)