CVE-2025-46545 is a stored Cross-Site Scripting (XSS) vulnerability identified in Sherpa Orchestrator version 141851. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), specifically in the functionality that allows an administrator to add or update licenses. The issue is with the 'name' parameter, which is not properly sanitized or encoded before being stored and later rendered in the web interface. The stored XSS payload is triggered when the license expires, causing the malicious script to execute in the context of the web application. This can lead to unauthorized actions performed with the privileges of the logged-in user, potentially including session hijacking, credential theft, or unauthorized configuration changes. Since the vulnerability requires administrator privileges to inject the payload, the initial exploitation vector is limited to trusted users or attackers who have gained administrative access. However, the delayed execution upon license expiration increases the risk of unnoticed exploitation. No known exploits are currently reported in the wild, and no patches have been published as of the vulnerability disclosure date (April 25, 2025). Sherpa Orchestrator is a product used for orchestration and management tasks, likely in enterprise environments, making this vulnerability relevant for organizations relying on this software for operational workflows.

For European organizations using Sherpa Orchestrator 141851, this vulnerability poses a medium risk primarily due to the stored XSS nature and the requirement for administrative privileges to inject malicious payloads. The impact includes potential compromise of administrative sessions, unauthorized changes to orchestration workflows, and exposure of sensitive operational data. Given that the payload executes upon license expiration, attackers could leverage this timing to execute attacks when monitoring may be reduced. This could disrupt business continuity, lead to data breaches, or facilitate lateral movement within the network. Organizations in sectors with high reliance on orchestration tools—such as manufacturing, logistics, and critical infrastructure—may face operational disruptions or compliance issues if exploited. The absence of known exploits reduces immediate risk, but the vulnerability's presence in a critical management tool necessitates proactive mitigation to prevent future exploitation.

1. Immediate mitigation should include restricting administrative access to Sherpa Orchestrator to trusted personnel only and enforcing strong authentication mechanisms such as multi-factor authentication (MFA). 2. Implement rigorous input validation and output encoding on the 'name' parameter in the license management functionality to prevent injection of malicious scripts. 3. Monitor license expiration events closely and audit logs for any unusual activity around license updates or expirations. 4. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts within the application context. 5. If possible, temporarily disable or limit license update functionality until a vendor patch is released. 6. Conduct regular security assessments and penetration testing focused on web application vulnerabilities, especially stored XSS. 7. Engage with Sherpa vendor support to obtain updates or patches and apply them promptly once available. 8. Educate administrators on the risks of injecting untrusted data and encourage safe operational practices.