
CVE-2025-47783: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in HumanSignal label-studio

Severity: High
Tags: Vulnerability, CVE-2025-47783, CWE-79
Published: Wed May 14 2025 (05/14/2025, 23:01:17 UTC)
Source: CVE
Vendor/Project: HumanSignal
Product: label-studio

Description

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue.

AI-Powered Analysis

Last updated: 07/06/2025, 09:40:54 UTC

Technical Analysis

CVE-2025-47783 is a high-severity Cross-Site Scripting (XSS) vulnerability identified in HumanSignal's Label Studio, a multi-type data labeling and annotation tool widely used for machine learning and data processing workflows. The vulnerability affects all versions prior to 1.18.0 and stems from improper neutralization of input during web page generation (CWE-79). Specifically, an attacker can exploit this flaw by sending a specially crafted POST request to the /projects/upload-example/ endpoint. The vulnerable code resides in the label_studio/projects/views.py file, where user-supplied input is not adequately sanitized before being embedded into the web page context. This allows malicious scripts to be injected and executed in the victim's browser. Successful exploitation can lead to theft of sensitive data, session hijacking, unauthorized actions performed on behalf of the user, and potentially further compromise of the affected system or network. The vulnerability requires user interaction (UI:P) but does not require authentication (PR:N), and it can be exploited remotely over the network (AV:N) with low attack complexity (AC:L). The impact on confidentiality and integrity is high, while availability is not affected. Although no known exploits are currently reported in the wild, the presence of this vulnerability in a tool often used in data-sensitive environments makes it a significant risk. Version 1.18.0 of Label Studio includes a patch that properly sanitizes inputs to prevent script injection, mitigating this issue.
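The unsafe pattern the analysis describes, beside its hardened form, as an added illustration that is not Label Studio's code: the function names, the `example_name` parameter and the surrounding markup are assumptions, and the standard-library `html.escape()` stands in for the autoescaping a Django template would apply.

```python
import html

# Added illustration of the CWE-79 pattern described above. This is NOT
# Label Studio's code: the function names, the `example_name` parameter and
# the surrounding markup are assumptions made for the demonstration.
PREFIX = "<p>Uploaded example: "
SUFFIX = "</p>"


def render_unsafe(example_name: str) -> str:
    """Vulnerable pattern: client-supplied text is interpolated into HTML as-is."""
    return f"{PREFIX}{example_name}{SUFFIX}"


def render_safe(example_name: str) -> str:
    """Hardened pattern: HTML-encode the untrusted value before embedding it.

    Django templates do this automatically while autoescaping is on; the
    standard-library html.escape() is used here so the example runs alone.
    quote=True also encodes ' and ", which matters in attribute context.
    """
    return f"{PREFIX}{html.escape(example_name, quote=True)}{SUFFIX}"


def render_safe_attr(example_name: str) -> str:
    """Attribute context: the value sits inside value="...", so quotes must be
    encoded too or the attribute could be terminated by the input."""
    return f'<input name="example" value="{html.escape(example_name, quote=True)}">'


def leaks_markup(rendered: str) -> bool:
    """Demo check: does the slice of the output that came from the untrusted
    value (between PREFIX and SUFFIX) still contain raw <, > or " characters?"""
    body = rendered[len(PREFIX):len(rendered) - len(SUFFIX)]
    return any(ch in body for ch in '<>"')


if __name__ == "__main__":
    # Constructed probe value: the textbook string used in XSS test cases.
    probe = "<script>alert(1)</script>"
    print(render_unsafe(probe), leaks_markup(render_unsafe(probe)))  # True
    print(render_safe(probe), leaks_markup(render_safe(probe)))      # False
```

The same escaping rule applies to every context in which the value is emitted; a value that is safe inside a text node is not automatically safe inside an attribute or a script block.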

Potential Impact

For European organizations, the impact of CVE-2025-47783 can be substantial, especially for those relying on Label Studio for data annotation in AI, research, or business intelligence projects. Exploitation could lead to unauthorized access to sensitive datasets, leakage of proprietary or personal data, and compromise of user sessions, which may facilitate further lateral movement within corporate networks. This is particularly critical under the GDPR framework, where data breaches involving personal data can result in severe regulatory penalties and reputational damage. Additionally, attackers could leverage the vulnerability to perform unauthorized actions, potentially corrupting data labeling workflows or injecting malicious data, thereby undermining the integrity of machine learning models and analytics. The remote and unauthenticated nature of the exploit increases the risk of widespread attacks if the vulnerability is not promptly addressed. Organizations with web-facing instances of Label Studio are especially at risk, as attackers can exploit the vulnerability without prior access or credentials.

Mitigation Recommendations

European organizations should immediately upgrade all instances of Label Studio to version 1.18.0 or later, where the vulnerability is patched. In environments where immediate upgrading is not feasible, organizations should implement strict input validation and output encoding at the application layer as a temporary mitigation. Deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious POST requests to the /projects/upload-example/ endpoint can reduce exposure. Additionally, organizations should enforce Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regular security audits and penetration testing focused on web application inputs should be conducted to detect similar vulnerabilities. Monitoring logs for unusual POST requests and anomalous user activity can help in early detection of exploitation attempts. Finally, educating developers and administrators about secure coding practices and the importance of timely patching is essential to prevent recurrence.
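The log monitoring the recommendations call for, as an added example that is not from the advisory or from Label Studio; it assumes a constructed request-log format recording timestamp, client address, method, path, status and authenticated user, and flags unauthenticated and high-volume POSTs to the endpoint named above.

```python
import re
from collections import Counter

# Added example of the log monitoring the recommendations describe. The log
# format below is CONSTRUCTED for this demonstration (an assumption, not Label
# Studio's or any web server's format):
#   <timestamp> <client_ip> <method> <path> <status> user=<username or ->
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) user=(?P<user>\S+)$"
)
WATCHED_PATH = "/projects/upload-example/"  # endpoint named in the advisory

SAMPLE_LOG = """\
2025-05-20T18:59:01Z 198.51.100.7 GET /projects/ 200 user=alice
2025-05-20T18:59:03Z 203.0.113.10 POST /projects/upload-example/ 200 user=-
2025-05-20T18:59:04Z 203.0.113.10 POST /projects/upload-example/?v=2 200 user=-
2025-05-20T18:59:05Z 203.0.113.10 POST /projects/upload-example/ 200 user=-
2025-05-20T18:59:09Z 198.51.100.7 POST /projects/upload-example/ 200 user=alice
2025-05-20T18:59:10Z 198.51.100.7 GET /api/projects/ 200 user=alice
"""

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["path"] = entry["path"].split("?", 1)[0]  # drop query string
            yield entry

def find_suspicious(text, burst_threshold=3):
    """Return (anonymous_hits, bursty_clients) for POSTs to the watched path.

    anonymous_hits: POSTs with no authenticated user (the advisory rates the
    flaw PR:N, so pre-auth traffic to this endpoint is worth reviewing).
    bursty_clients: addresses with >= burst_threshold POSTs, a volume signal.
    """
    hits = [e for e in parse_log(text)
            if e["method"] == "POST" and e["path"] == WATCHED_PATH]
    anonymous = [e for e in hits if e["user"] == "-"]
    per_client = Counter(e["ip"] for e in hits)
    bursty = sorted(ip for ip, n in per_client.items() if n >= burst_threshold)
    return anonymous, bursty

if __name__ == "__main__":
    anon, bursty = find_suspicious(SAMPLE_LOG)
    print(f"{len(anon)} anonymous POST(s) to {WATCHED_PATH}; bursty: {bursty}")
```

Thresholds and the anonymous-user test are tuning knobs; on a deployment that legitimately accepts unauthenticated uploads the anonymous signal should be replaced by a baseline of normal volume per client.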


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-09T19:49:35.621Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec562

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 9:40:54 AM

Last updated: 7/27/2025, 10:05:17 AM
