
CVE-2025-4379: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Studio Fabryka DobryCMS

Medium
Tags: Vulnerability, CVE-2025-4379, CWE-79
Published: Fri May 23 2025 (05/23/2025, 10:00:10 UTC)
Source: CVE
Vendor/Project: Studio Fabryka
Product: DobryCMS

Description

DobryCMS in versions 2.* and lower is vulnerable to reflected cross-site scripting (XSS). Improper input validation in the szukaj parameter allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version.

AI-Powered Analysis

AI analysis last updated: 07/08/2025, 04:56:45 UTC

Technical Analysis

CVE-2025-4379 is a reflected cross-site scripting (XSS) vulnerability in DobryCMS, a content management system developed by Studio Fabryka, affecting versions 2.* and lower. The root cause is improper neutralization of user input in the 'szukaj' (search) parameter: its value is echoed into the generated page without adequate output encoding for the HTML context it lands in. An attacker crafts a URL that carries HTML or JavaScript in 'szukaj'; when a victim opens it, the browser parses the reflected content as part of the site's own page, so the script runs in the site's origin with access to the victim's session. That can be used for session hijacking, credential theft through injected forms, or actions performed on behalf of the user. No authentication or privileges are needed and the attack is remote, but because the payload is reflected rather than stored it only fires when a user opens the crafted link, so user interaction is required. The record carries a CVSS 4.0 vector and the entry is rated medium severity. A hotfix was released on April 29, 2025; it removes the flaw without changing the product version number, which matters for inventory and version-based vulnerability scanning. No exploitation in the wild was reported as of publication. The weakness is classified as CWE-79, improper neutralization of input during web page generation.
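To make the reflection concrete, the following is an added Python example that is not DobryCMS code or vendor code: a stand-in search page that echoes the 'szukaj' value into a double-quoted attribute and a text node, rendered both verbatim (the CWE-79 pattern) and with context-appropriate entity encoding, plus a parser-based check of whether injected markup or an event handler survives. The template, the host name cms.example.invalid and the two payloads are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Stand-in for the CMS search page. It echoes the 'szukaj' ("search") query
# parameter into two HTML contexts: the search box's value attribute and a
# text node. The template is an assumption for this example, not DobryCMS source.
TEMPLATE = (
    '<form action="/" method="get">'
    '<input type="text" name="szukaj" value="{attr}">'
    '</form>'
    '<p>Wyniki dla: {text}</p>'
)
TEMPLATE_TAGS = {"form", "input", "p"}


def szukaj_from_url(url: str) -> str:
    """Take the szukaj parameter from a request URL the way the server would."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("szukaj", [""])[0]


def render_vulnerable(term: str) -> str:
    """CWE-79: the search term is written into the page verbatim."""
    return TEMPLATE.format(attr=term, text=term)


def render_hardened(term: str) -> str:
    """Entity-encode for the two contexts used here (text node and double-quoted
    attribute). quote=True matters: without it '"' is left alone and an attacker
    can still close the value attribute and append an on* handler."""
    safe = html.escape(term, quote=True)
    return TEMPLATE.format(attr=safe, text=safe)


class _Audit(HTMLParser):
    """Records start tags and any on* event-handler attributes a browser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def script_injected(rendered: str) -> bool:
    """True if the page gained a tag the template does not have, or any on* attribute."""
    audit = _Audit()
    audit.feed(rendered)
    audit.close()
    return any(t not in TEMPLATE_TAGS for t in audit.tags) or bool(audit.handlers)


# Constructed payloads, one per reflection context.
PAYLOAD_TEXT = "<script>alert(1)</script>"           # lands in the <p> text node
PAYLOAD_ATTR = '" autofocus onfocus=alert(1) x="'     # breaks out of value="..."

if __name__ == "__main__":
    # Hypothetical host; only the parameter name comes from the advisory.
    url = "https://cms.example.invalid/?szukaj=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    for label, payload in (("text", szukaj_from_url(url)), ("attr", PAYLOAD_ATTR)):
        print(label,
              "vulnerable:", script_injected(render_vulnerable(payload)),
              "hardened:", script_injected(render_hardened(payload)))
```

The attribute payload contains no angle brackets at all, which is why a filter that only strips `<` and `>` is not a fix; encoding has to match the context the value is written into, and a value that is also placed inside a script block or a URL would need different encoding again.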

Potential Impact

For European organizations using DobryCMS, this vulnerability poses a moderate risk. Successful exploitation runs attacker-controlled JavaScript in the site's origin inside the victim's browser. Cookies flagged HttpOnly cannot be read directly, but the script can still issue requests with the victim's session, rewrite the page to capture credentials, or redirect the user, so account takeover and unauthorized actions in the CMS or connected systems are realistic outcomes, particularly when an administrator is the target. Because the XSS is reflected, each victim must open a crafted link, which limits fully automated mass exploitation but fits phishing and social-engineering campaigns well. Organizations handling personal data or providing services through DobryCMS face reputational damage, data breaches and GDPR obligations if user data is compromised. No exploitation in the wild had been reported at publication, but a reflected XSS in a named parameter is trivial to weaponize once disclosed, so the absence of reports is not a reason to defer patching. The medium severity rating means the issue is not critical, but timely remediation is still warranted.

Mitigation Recommendations

European organizations should apply the hotfix released on April 29, 2025 to every DobryCMS installation at version 2.* or lower. Because the hotfix does not change the version string, neither the admin panel nor version-based scanners can distinguish a patched site from an unpatched one; verify by submitting a benign marker to the search function (a unique string containing < and " characters) and confirming that the response returns it entity-encoded rather than as markup, and record which installations have been checked. Beyond the patch, the 'szukaj' parameter, and every other value echoed into pages, should be output-encoded for the HTML context it lands in (text node, attribute, URL, script), since input validation alone does not cover every encoding an attacker can use. A Content Security Policy that disallows inline script limits what a reflected payload can do, and a Web Application Firewall with XSS rules adds a layer of defense, with the caveat that WAF signatures are routinely bypassed by encoding variants and are not a substitute for the fix. Security awareness training reduces the success rate of the phishing links this class of bug depends on. Regular security assessments and code review of the CMS and its customizations help find similar reflection points before they are reported externally. Finally, review web server logs for requests whose 'szukaj' value contains tags, event-handler attributes or their percent-encoded equivalents; on a reflected XSS the source IP of such a request is the victim's, not the attacker's, so the referer and timing are usually more useful for attribution than the client address.
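As an added example of the log review suggested above (not from the advisory or the vendor), the following Python scans Apache/nginx combined-format access log lines, extracts each 'szukaj' value, percent-decodes it until it stops changing so that double-encoded payloads become visible, and flags markup- or handler-looking content. The log lines, IP addresses and the referer host mail.example.invalid are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines in Apache/nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [23/May/2025:10:00:10 +0000] "GET /?szukaj=laptop HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/May/2025:10:01:42 +0000] "GET /?szukaj=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5210 "https://mail.example.invalid/" "Mozilla/5.0"
198.51.100.9 - - [23/May/2025:10:02:01 +0000] "GET /?szukaj=%2522%2520onfocus%253Dalert(1)%2520autofocus HTTP/1.1" 200 5200 "-" "curl/8.0"
203.0.113.8 - - [23/May/2025:10:02:30 +0000] "GET /?szukaj=krzes%C5%82o+biurowe HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Markup or script-looking content that has no business in a search term.
SUSPICIOUS_RE = re.compile(
    r"<\s*/?\s*[a-z]"           # tag start: <script, </script, < img
    r"|javascript\s*:"          # javascript: URLs
    r"|\bon[a-z]+\s*="          # event-handler attributes such as onfocus=
    r"|\b(?:src|href|style)\s*=",
    re.IGNORECASE,
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) show up."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def szukaj_values(target: str) -> list[str]:
    """Every szukaj= value in the request target, decoded once by parse_qsl."""
    query = urlsplit(target).query
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "szukaj"]


def scan_log(text: str) -> list[dict]:
    """Return one record per request whose szukaj value looks like an XSS attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for raw in szukaj_values(m["target"]):
            term = fully_decode(raw)
            found = SUSPICIOUS_RE.search(term)
            if found:
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "referer": m["referer"],       # often the real lead on a reflected XSS
                    "szukaj": term,
                    "matched": found.group(0),
                    "double_encoded": term != raw,  # needed more than one decode round
                })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Two of the four constructed lines are flagged: the plain `<script>` reflection and the double-encoded attribute breakout, which a single-decode filter would miss. Requests that were only percent-encoded once are reported with `double_encoded` false. Legitimate searches can contain `<` or `=`, so tune the pattern against real traffic before turning hits into alerts.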


Technical Details

Data Version
5.1
Assigner Short Name
CERT-PL
Date Reserved
2025-05-06T10:06:58.896Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68304c460acd01a249271e4e

Added to database: 5/23/2025, 10:21:58 AM

Last enriched: 7/8/2025, 4:56:45 AM

Last updated: 7/31/2025, 8:12:29 AM
