CVE-2025-45091: n/a
Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload that is then rendered in notifications and activities.
AI Analysis
Technical Summary
CVE-2025-45091 is a stored Cross-Site Scripting (XSS) vulnerability affecting specific versions of Seafile, namely 11.0.18-Pro, 12.0.10, and 12.0.10-Pro. Seafile is a popular open-source file hosting and collaboration platform used by organizations for secure file sharing and synchronization. The vulnerability arises because an authenticated attacker can modify their username to include malicious JavaScript payloads. These payloads are then stored and rendered in notification and activity feeds, which are viewed by other users. This stored XSS attack vector allows the attacker to execute arbitrary scripts in the context of other users’ browsers when they view affected notifications or activity logs. Such scripts can steal session cookies, perform actions on behalf of the victim, or redirect users to malicious sites. The attack requires the attacker to be authenticated, which limits exploitation to users with some level of access to the system. However, once exploited, the impact can extend beyond the attacker’s own account to other users who view the injected content. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. No official patches or mitigation links have been provided, indicating that organizations using these versions should proactively address this issue.
Potential Impact
For European organizations using Seafile versions 11.0.18-Pro, 12.0.10, or 12.0.10-Pro, this vulnerability poses a significant risk to confidentiality and integrity of user sessions and data. The stored XSS can lead to session hijacking, unauthorized actions, or phishing attacks within the trusted collaboration environment. This can result in data leakage, unauthorized data modification, or disruption of business workflows. Since Seafile is often used in enterprise and government sectors for secure file sharing, exploitation could undermine trust in internal communications and data integrity. The requirement for attacker authentication limits the attack surface but does not eliminate risk, especially in environments with many users or less stringent access controls. The vulnerability could also be leveraged as a foothold for further attacks within the network. Given the collaborative nature of Seafile, the impact could cascade if multiple users are affected. The lack of known exploits suggests this is a newly disclosed vulnerability, so proactive mitigation is critical to prevent future exploitation.
Mitigation Recommendations
European organizations should immediately audit their Seafile deployments to identify whether affected versions are in use. If so, they should consider the following specific mitigations:
1) Strengthen input handling by implementing or enhancing server-side validation and output escaping of usernames and other user-generated content, so that stored values cannot be rendered as script.
2) Limit users' ability to change their usernames, or enforce a strict character allow-list that excludes characters usable in markup.
3) Monitor notification and activity feeds for suspicious or anomalous content that could indicate attempted exploitation.
4) Apply vendor-provided patches or updates as soon as they become available.
5) Deploy Content Security Policy (CSP) headers to reduce the impact of XSS by restricting the sources from which scripts may execute.
6) Educate users to recognize suspicious notifications or activities and to report anomalies.
7) Consider isolating or restricting access to the notification and activity features, if feasible, until a patch is applied.
These measures go beyond generic advice by focusing on input validation, monitoring, and user behavior controls specific to the vulnerability vector.
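As an added illustration of mitigations 1, 2, 3 and 5 (this is not Seafile's code and not part of the advisory), the following Python sketch shows a server-side username allow-list, HTML escaping when a username is rendered into an activity entry, a scan of stored names for markup-like content, and a restrictive CSP header value. All names, patterns and sample values are constructed assumptions for the demo.

```python
import html
import re

# Constructed sample usernames: the first is the kind of value the advisory
# describes (markup smuggled into a display name), the second is benign.
SAMPLE_NAMES = ["<script>alert(1)</script>", "alice.muller"]

# Allow-list for display names (assumed policy): letters, digits, space,
# dot, hyphen and underscore, 1 to 64 characters. Applied before storing.
NAME_RE = re.compile(r"^[A-Za-z0-9 ._-]{1,64}$")

# Heuristic used to scan already-stored names for markup (mitigation 3):
# a tag opener, a javascript: URL scheme, or an inline event handler.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|javascript:|\bon[a-z]+\s*=",
                       re.IGNORECASE)

# Example CSP value that only allows same-origin scripts and no plugins.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'")


def username_is_allowed(name: str) -> bool:
    """Server-side allow-list check to run on every username change."""
    return NAME_RE.fullmatch(name) is not None


def render_activity(actor: str, action: str, obj: str) -> str:
    """Build one feed entry, HTML-escaping every user-controlled value.

    Escaping at output time protects even names stored before the
    allow-list was introduced.
    """
    return (f'<li class="activity"><b>{html.escape(actor, quote=True)}</b> '
            f'{html.escape(action, quote=True)} '
            f'<i>{html.escape(obj, quote=True)}</i></li>')


def find_suspicious_names(names):
    """Return stored usernames that look like markup rather than a name."""
    return [n for n in names if MARKUP_RE.search(n)]


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(username_is_allowed(name), render_activity(name, "shared", "report.pdf"))
    print(find_suspicious_names(SAMPLE_NAMES))
```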
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Added to database: 9/15/2025, 7:59:56 PM
Last enriched: 9/15/2025, 8:00:20 PM
Last updated: 9/19/2025, 7:22:12 PM