CVE-2025-4551 is a cross-site scripting (XSS) vulnerability identified in ContiNew Admin versions up to 3.6.0. The vulnerability resides in an unspecified function within the /dev-api/common/file endpoint, where the 'File' argument can be manipulated by an attacker to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript code in the context of the victim's browser without requiring authentication, though user interaction is necessary to trigger the payload. The vulnerability has been publicly disclosed, but no official patch or response from the vendor has been provided. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The vector details show that the attack can be launched remotely (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but does require user interaction (UI:P). The impact primarily affects confidentiality and integrity at a low level, with no direct impact on availability or system control. The vulnerability could be exploited to steal session cookies, perform actions on behalf of the user, or deliver further malware through the victim's browser. Since the vendor has not responded and no patches are available, organizations using ContiNew Admin versions 3.0 through 3.6.0 remain exposed to potential exploitation.

For European organizations, this vulnerability poses a risk primarily to web applications and administrative interfaces using ContiNew Admin. Successful exploitation could lead to session hijacking, unauthorized actions within the admin panel, or the spread of malware via injected scripts. This can compromise sensitive data confidentiality and integrity, especially in environments where ContiNew Admin manages critical infrastructure or sensitive information. The requirement for user interaction limits automated exploitation but targeted phishing or social engineering campaigns could be effective. The lack of vendor response and patch availability increases the risk window. Organizations in sectors such as finance, healthcare, and government, which often use administrative web portals, may face increased risk of data breaches or operational disruption. Additionally, the public disclosure of the exploit details may encourage attackers to develop weaponized payloads, increasing the likelihood of attacks against European entities.

1. Immediate mitigation should include implementing web application firewalls (WAF) with custom rules to detect and block suspicious input patterns targeting the /dev-api/common/file endpoint, especially the 'File' parameter. 2. Employ strict input validation and output encoding on all user-supplied data within the application to prevent script injection. 3. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4. Conduct user awareness training to reduce the risk of social engineering attacks that could trigger the XSS payload. 5. Monitor web server and application logs for unusual requests or error patterns related to the vulnerable endpoint. 6. Where possible, isolate or restrict access to ContiNew Admin interfaces to trusted networks or VPNs to reduce exposure. 7. Consider deploying runtime application self-protection (RASP) solutions to detect and block exploitation attempts in real time. 8. Engage with the vendor or community for updates or unofficial patches, and plan for an upgrade or replacement of the affected software if no official fix is forthcoming.