
CVE-2025-41364: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in ZIV IDF and ZLF

Medium
Published: Fri Jun 06 2025 (06/06/2025, 11:49:03 UTC)
Source: CVE Database V5
Vendor/Project: ZIV
Product: IDF and ZLF

Description

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store a malicious JavaScript payload in the software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.

AI-Powered Analysis

Last updated: 07/07/2025, 18:15:02 UTC

Technical Analysis

CVE-2025-41364 is a stored Cross-Site Scripting (XSS) vulnerability identified in the ZIV products IDF (version 0.10.0-0C03-03) and ZLF (version 0.10.0-0C03-04). The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. Specifically, an authenticated attacker with at least view permissions can inject malicious JavaScript payloads that are stored within the device's software and subsequently executed in the browsers of users who access the affected web interface. The vulnerability requires no privileges beyond authenticated view access, and no user interaction beyond visiting the affected page. The CVSS 4.0 base score is 5.1 (medium severity), reflecting a network attack vector, low attack complexity, low privileges (an authenticated account) and a partial scope impact. The vulnerability does not directly affect the confidentiality, integrity, or availability of the device, but the injected script runs in the context of the victim's browser session, which could lead to session hijacking, credential theft, or further exploitation. No exploits are known to be in the wild and no patches have been published yet. The vulnerability was reserved in April 2025 and published in June 2025 by INCIBE, indicating recent discovery and disclosure. The affected products are specialized ZIV software components, likely used in industrial or infrastructure contexts given the vendor profile.

Potential Impact

For European organizations using ZIV IDF and ZLF products, this vulnerability poses a moderate risk. Because exploitation requires authentication with view permissions, an attacker would need an insider account or compromised credentials to inject malicious scripts. Successful injection could lead to unauthorized actions within the web interface, theft of session tokens, or pivoting within the network. The impact is particularly significant for organizations relying on these products for critical infrastructure or industrial control systems, where compromise of the web interface could lead to operational disruption or data leakage. Additionally, because the XSS is stored, every user who views the affected interface can be affected, which widens the attack surface. European entities subject to stringent data protection regulations (e.g., GDPR) must consider the risk of data exposure or unauthorized access resulting from such attacks. Although no direct availability or integrity impact is reported, the potential for lateral movement or privilege escalation through chained attacks elevates the concern.

Mitigation Recommendations

1. Restrict access to the affected ZIV IDF and ZLF web interfaces strictly to trusted personnel and networks, implementing network segmentation and strong access controls.
2. Enforce multi-factor authentication (MFA) to reduce the risk of credential compromise leading to exploitation.
3. Monitor and audit user activity, especially by accounts with view permissions, to detect unusual behavior indicative of exploitation attempts.
4. Implement Content Security Policy (CSP) headers on the web interfaces, if configurable, to mitigate the impact of injected scripts.
5. As part of the vendor's fix, validate all user input on the server side and apply context-aware output encoding when rendering stored data, so that stored text cannot be interpreted as script.
6. Since no patches are currently available, consider temporary compensating controls such as disabling or limiting the vulnerable web interface functionality until a vendor patch is released.
7. Educate users about the risks of XSS and encourage cautious behavior when interacting with the web interface.
8. Stay updated with vendor advisories for timely patch deployment once available.
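The following is an added example, not ZIV code, showing recommendations 3, 4 and 5 above in miniature: the CWE-79 rendering pattern beside its output-encoded form, an audit check that flags markup-active text written by a low-privilege account, and a restrictive CSP header. The field name, the HTML template and the stored sample value are all constructed for illustration and are not taken from IDF/ZLF.

```python
import html
import re
from typing import Optional

# Constructed sample: a description field saved by a view-permission user.
STORED_VALUE = "Feeder 3 <script>/* constructed marker */</script>"

# Constructed template standing in for the device's page generation.
TEMPLATE = "<td class='desc'>{}</td>"


def render_vulnerable(value: str) -> str:
    """CWE-79: stored text is dropped straight into the page, so the browser
    parses any tags it contains as markup and runs any script."""
    return TEMPLATE.format(value)


def render_encoded(value: str) -> str:
    """Recommendation 5: HTML-entity encode at output time so the same stored
    text is displayed, not executed. quote=True also covers attribute contexts."""
    return TEMPLATE.format(html.escape(value, quote=True))


# Characters that can open a tag, close an attribute, or start an entity.
_ACTIVE = re.compile(r"[<>\"'&]")


def audit_stored_value(user: str, field: str, value: str) -> Optional[dict]:
    """Recommendation 3: return an audit record when a write contains
    markup-active characters, so the SOC can review it before others render
    the page. Returns None for plain text."""
    if _ACTIVE.search(value) is None:
        return None
    return {"user": user, "field": field,
            "reason": "markup-active characters in stored text",
            "sample": value[:60]}


def csp_header() -> str:
    """Recommendation 4: a policy that blocks inline and third-party scripts;
    an injected <script> element is not executed under script-src 'self'."""
    return ("Content-Security-Policy: default-src 'self'; script-src 'self'; "
            "object-src 'none'; base-uri 'none'; frame-ancestors 'none'")


if __name__ == "__main__":
    print(render_vulnerable(STORED_VALUE))
    print(render_encoded(STORED_VALUE))
    print(audit_stored_value("viewer01", "desc", STORED_VALUE))
    print(csp_header())
```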


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:04.872Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6842df081a426642debcb512

Added to database: 6/6/2025, 12:28:56 PM

Last enriched: 7/7/2025, 6:15:02 PM

Last updated: 8/7/2025, 3:10:47 AM

