CVE-2025-43952: Reflected XSS in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440)
A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter.
AI Analysis
Technical Summary
CVE-2025-43952 is a reflected cross-site scripting (XSS) vulnerability in Mettler Toledo FreeWeight.Net Web Reports Viewer version 8.4.0 (build 440). The application reflects the value of the IW_SessionID_ request parameter into its response without adequate validation or output encoding, so an attacker who can get a victim to open a crafted URL can have arbitrary HTML and JavaScript rendered in the victim's browser, in the origin of the Web Reports Viewer. Script running in that origin can read whatever the page can read (report data, form contents, any cookie not marked HttpOnly), send requests that carry the victim's session, and display a convincing fake login prompt to harvest credentials.

Exploitation is remote and requires no authentication, but it does require user interaction: the victim must follow an attacker-supplied link or load a page that embeds the crafted URL. Because the payload travels in the URL rather than being stored by the application, each victim has to be lured individually, which makes phishing the expected delivery method.

The CVSS v3.1 base score is 6.1 (Medium), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N: network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, no availability impact. The scope change (S:C) is the standard scoring for reflected XSS: the vulnerable component is the web application, but the impacted component is the victim's browser. It does not mean the flaw itself reaches anything beyond that browser session.

At the time of writing no vendor patch or official remediation link has been published and no exploitation in the wild is known. The weakness is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). Because the product is used for weight measurement and reporting, the realistic targets are industrial and commercial sites whose staff use the reports viewer.
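To make the bug class concrete, the following added example (not code from the advisory or from Mettler Toledo; nothing is known about the real handler's structure) shows a minimal page handler that reflects the IW_SessionID_ parameter verbatim beside a hardened version that applies an allow-list check and HTML output encoding. The URL, the handler's message text and the session-ID format in SESSION_ID_RE are assumptions for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption (not stated in the advisory): a valid IW_SessionID_ value is an
# opaque token of letters and digits. Tighten this to the format actually in use.
SESSION_ID_RE = re.compile(r"^[A-Za-z0-9]{8,64}$")

# Constructed probe: a reflected-XSS payload carried in the IW_SessionID_ parameter.
PROBE_URL = ("http://reports.example/viewer"
             "?IW_SessionID_=%3Cscript%3Ealert(document.cookie)%3C/script%3E")


def session_id_from_url(url: str) -> str:
    """Return the URL-decoded IW_SessionID_ value, or '' if the parameter is absent."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("IW_SessionID_", [""])[0]


def render_vulnerable(session_id: str) -> str:
    """CWE-79 as the advisory describes it: the parameter is copied verbatim into
    the HTML body, so '<script>' in the URL becomes a live script element."""
    return f"<p>Session {session_id} is no longer valid. Please sign in again.</p>"


def render_hardened(session_id: str) -> str:
    """Two independent defences. The allow-list rejects anything that is not a
    well-formed token, and the rejected value is never echoed. The value that
    does pass is still HTML-encoded, so the fix does not depend on the regex
    staying strict. html.escape covers the HTML text and quoted-attribute
    contexts; a JavaScript or URL context would need its own encoder."""
    if not SESSION_ID_RE.fullmatch(session_id):
        return "<p>Invalid session. Please sign in again.</p>"
    safe = html.escape(session_id, quote=True)
    return f"<p>Session {safe} is no longer valid. Please sign in again.</p>"


if __name__ == "__main__":
    sid = session_id_from_url(PROBE_URL)
    print("vulnerable:", render_vulnerable(sid))
    print("hardened:  ", render_hardened(sid))
```

The vulnerable handler returns the payload as markup, which is exactly what a browser executes; the hardened one returns a fixed message for the probe and an encoded token otherwise. This is the change the vendor has to make; operators can only approximate it at a WAF or proxy, as discussed under mitigations.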
Potential Impact
For European organizations that rely on FreeWeight.Net Web Reports Viewer for operational reporting, the practical impact is exposure of whatever a logged-in user can see or do in the viewer: reading report data, submitting requests under the victim's session, and, through a fake login form injected into a page the user trusts, surrendering credentials. If reports contain personal data (operator names, customer or shipment details), exposure may trigger GDPR notification obligations.

The Scope: Changed component of the score reflects that the victim's browser, not the web application itself, is the impacted component; it does not mean the flaw provides network-level lateral movement. Reaching other systems would require further steps, such as reusing credentials phished through the injected page, so the viewer should be treated as a vehicle for credential theft rather than as a direct pivot point. Because user interaction is required, the threat scales with how reachable the viewer's URLs are (an internet-exposed instance is at greater risk than one reachable only from a plant network) and with how readily staff follow links that appear to come from the reporting system. Availability is not affected, but the combination of session abuse and credential theft makes this a noteworthy issue for manufacturing, logistics and supply chain operators.
Mitigation Recommendations
1. Input validation and output encoding of the IW_SessionID_ parameter is the root-cause fix: the application must check the value against the expected token format and HTML-encode anything it reflects. This can only be done in the vendor's code; operators cannot apply it to the shipped build.
2. As a stopgap, deploy a WAF or reverse-proxy rule that blocks or alerts on requests whose IW_SessionID_ value contains characters outside the expected token alphabet. Decode percent-encoding (including double encoding) before matching; a character allow-list is more robust than signature lists of `<script>` and event-handler names.
3. Educate users that links purporting to come from the reporting tool but carrying unusual query strings should be treated with suspicion.
4. Monitor web server logs for malformed IW_SessionID_ values and for repeated attempts from one source address; reflected-XSS probes typically appear as 200 responses with markup in the query string.
5. Keep the viewer off the internet where possible and in a segmented network zone, which limits who can be lured to it and what a compromised client can reach.
6. Apply Content Security Policy headers. Only a policy with a nonce- or hash-based script-src and no 'unsafe-inline' neutralizes injected inline script, and such a policy must be tested against the viewer because vendor applications frequently depend on inline script.
7. Track Mettler Toledo's advisory channel for a patched build and prioritize its deployment once available.
8. Include reflected XSS checks in regular web application assessments of the system.
9. Require multi-factor authentication for the viewer's login. This reduces the value of credentials harvested through an injected fake login form; it does not protect a session that is already authenticated, so it complements rather than replaces the measures above.
10. Set the HttpOnly and Secure attributes on the session cookie. These are server-set cookie attributes, not browser options; with HttpOnly, injected script cannot read the cookie, although it can still issue requests with the session while the victim's page is open.
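As an added example of the log-monitoring recommendation (not part of the advisory and not a Mettler Toledo tool), the script below scans Apache combined-format access log lines for IW_SessionID_ values that do not look like a session token, undoing repeated percent-encoding first so double-encoded probes are not missed, and then counts repeat sources. The log lines, the log format in LOG_RE and the token format in SESSION_ID_RE are constructed assumptions; the real viewer's log format may differ.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache "combined" format. Adapt LOG_RE to the
# format your web server or reverse proxy actually writes.
SAMPLE_LOG = """\
10.1.2.3 - - [22/Jun/2025:05:40:01 +0000] "GET /reports?IW_SessionID_=a1B2c3D4e5F6 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.1.2.3 - - [22/Jun/2025:05:40:09 +0000] "GET /reports?report=daily HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2025:05:41:15 +0000] "GET /reports?IW_SessionID_=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 2100 "-" "curl/8.0"
198.51.100.7 - - [22/Jun/2025:05:41:16 +0000] "GET /reports?IW_SessionID_=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2100 "-" "curl/8.0"
203.0.113.9 - - [22/Jun/2025:05:42:00 +0000] "GET /reports?IW_SessionID_=x%27%20onmouseover%3Dalert(1)%20y HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed token format (not given in the advisory); adjust to the real one.
SESSION_ID_RE = re.compile(r"^[A-Za-z0-9]{8,64}$")
# Cheap markup indicators used only to label a finding, not as the detection itself.
MARKUP_RE = re.compile(r"[<>\"']|\bon\w+\s*=|javascript:", re.IGNORECASE)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding; attackers double-encode to slip past
    filters that decode only once."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str) -> list[dict]:
    """Return one finding per IW_SessionID_ value that fails the allow-list.
    Detection is allow-list based: anything that is not a well-formed token is
    reported, whether or not it matches a known payload pattern."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for raw in qs.get("IW_SessionID_", []):
            value = fully_decode(raw)
            if SESSION_ID_RE.fullmatch(value):
                continue  # well-formed token, nothing to report
            reason = "markup_in_session_id" if MARKUP_RE.search(value) else "malformed_session_id"
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                             "reason": reason, "value": value})
    return findings


def repeat_offenders(findings: list[dict], threshold: int = 2) -> dict[str, int]:
    """Source addresses with at least `threshold` findings, the usual trigger
    for escalating from a log alert to a block."""
    counts = Counter(f["ip"] for f in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['ip']} {f['status']} {f['reason']}: {f['value']!r}")
    print("repeat offenders:", repeat_offenders(results))
```

Note that the status code is kept in each finding: a 200 on a request carrying markup in IW_SessionID_ is the signal that the application reflected the value, whereas a 403 from a WAF rule shows the stopgap in item 2 is working.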
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-20T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9848c4522896dcbf5e4a
Added to database: 5/21/2025, 9:09:28 AM
Last enriched: 6/22/2025, 5:53:04 AM
Last updated: 8/4/2025, 3:17:15 PM
Views: 11
Related Threats
- CVE-2025-8819: Stack-based Buffer Overflow in Linksys RE6250 (High)
- CVE-2025-8818: OS Command Injection in Linksys RE6250 (Medium)
- CVE-2025-8816: Stack-based Buffer Overflow in Linksys RE6250 (High)
- CVE-2025-8815: Path Traversal in 猫宁i Morning (Medium)
- CVE-2025-8814: Cross-Site Request Forgery in atjiu pybbs (Medium)