This vulnerability (CVE-2025-46452) involves a CSRF flaw in Olav Kolbu Google News software, which enables an attacker to perform Stored XSS attacks. The affected versions include all versions up to 2.5.1. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability. No patch or official fix has been documented, and the product is not a cloud service, so remediation depends on vendor updates.

Successful exploitation could allow an attacker to execute stored malicious scripts in the context of the victim's browser, potentially leading to data disclosure, manipulation, or denial of service. The CSRF aspect means that attackers can trick authenticated users into submitting unauthorized requests that trigger the stored XSS payload. This can compromise user sessions and data integrity within the affected application.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with untrusted links and avoid actions that could trigger CSRF attacks. Monitoring vendor communications for updates is recommended.