CVE-2025-4512: Cross Site Scripting in Inetum IODAS
A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-4512 is a cross-site scripting (XSS) vulnerability identified in Inetum's IODAS product versions 7.2-LTS.4.1-JDK7 and 7.2-RC3.2-JDK7. The vulnerability arises from improper sanitization of the 'action' parameter in the /astre/iodasweb/app.jsp file. An attacker can remotely manipulate this parameter to inject malicious scripts that execute in the context of the victim's browser session. This type of vulnerability can be exploited without any authentication or privileges and requires only user interaction, such as clicking a crafted link or visiting a malicious page. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, but requiring user interaction and resulting in limited impact on confidentiality and integrity. The vendor Inetum was notified early but has not responded or provided patches, and no known exploits are currently reported in the wild, though public disclosure of the exploit code exists. This vulnerability could be leveraged for session hijacking, phishing, or delivering further malware payloads by exploiting the trust relationship between the user and the vulnerable web application interface.
Potential Impact
For European organizations using Inetum IODAS versions 7.2-LTS.4.1-JDK7 or 7.2-RC3.2-JDK7, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions. Attackers could steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious sites. While the vulnerability does not directly impact system availability, the potential for credential theft or unauthorized actions could lead to data breaches or unauthorized access to sensitive information. Given that Inetum is a European IT services company with clients across Europe, organizations in sectors such as finance, government, and critical infrastructure that rely on IODAS for identity or access management could face targeted attacks. The lack of vendor response and patches increases the risk exposure, as organizations may remain vulnerable for extended periods. Additionally, the requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability effectively.
Mitigation Recommendations
Organizations should implement immediate compensating controls such as input validation and output encoding on the 'action' parameter within their own application layers if possible. Web Application Firewalls (WAFs) should be configured to detect and block suspicious payloads targeting the vulnerable parameter. Security awareness training should emphasize the risks of clicking unknown links to reduce successful exploitation via social engineering. Network segmentation and strict access controls can limit exposure of the vulnerable interface to only trusted users or internal networks. Monitoring and logging of web application traffic should be enhanced to detect anomalous requests indicative of exploitation attempts. Since no official patch is available, organizations should engage with Inetum for updates and consider upgrading to newer, unaffected versions once released. In parallel, organizations could deploy Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers accessing the vulnerable application.
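As an added example that is not part of the advisory or of IODAS itself, the following Python script shows one way to implement the monitoring recommendation above: it parses combined-format access-log lines, isolates requests to /astre/iodasweb/app.jsp, decodes the action parameter and flags values containing markup or script fragments. The log lines are constructed samples, and the detection patterns are an assumption about what an injection attempt against this parameter looks like rather than signatures taken from the page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined-log style); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [21/May/2025:09:08:39 +0000] "GET /astre/iodasweb/app.jsp?action=login HTTP/1.1" 200 1532
203.0.113.11 - - [21/May/2025:09:09:02 +0000] "GET /astre/iodasweb/app.jsp?action=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1601
203.0.113.12 - - [21/May/2025:09:09:15 +0000] "GET /astre/iodasweb/app.jsp?action=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 1598
203.0.113.13 - - [21/May/2025:09:10:00 +0000] "GET /astre/iodasweb/other.jsp?action=%3Cscript%3E HTTP/1.1" 404 221
"""

# Source address, method and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
VULN_PATH = "/astre/iodasweb/app.jsp"
# Assumed indicators: an HTML tag opener, a javascript: URL, or an on*= event handler.
# A legitimate 'action' value should never contain any of these.
SUSPICIOUS_RE = re.compile(r"<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def decode_param(raw: str) -> str:
    """Percent-decode until stable so double-encoded values are normalised too."""
    prev = None
    while prev != raw:
        prev, raw = raw, unquote_plus(raw)
    return raw


def scan_line(line: str):
    """Return a finding for a suspicious 'action' sent to app.jsp, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != VULN_PATH:
        return None  # only the vulnerable endpoint is of interest here
    for value in parse_qs(parts.query, keep_blank_values=True).get("action", []):
        decoded = decode_param(value)
        if SUSPICIOUS_RE.search(decoded):
            return {"src": m.group("src"), "action": decoded}
    return None


def scan_log(text: str):
    """Scan every line of an access log and collect the findings in order."""
    return [f for f in (scan_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['src']} sent suspicious action: {finding['action']!r}")
```

Running the script on the embedded sample reports the two requests from 203.0.113.11 and 203.0.113.12; the plain `action=login` request and the one to a different .jsp are not flagged.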
Affected Countries
France, Germany, Italy, Spain, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-09T14:43:34.934Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682d9817c4522896dcbd702a
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/12/2025, 4:34:01 AM
Last updated: 8/17/2025, 11:30:51 AM