
CVE-2025-48360: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Razvan Stanga Varnish/Nginx Proxy Caching

Severity: Medium
Published: Thu Aug 28 2025 (08/28/2025, 12:37:08 UTC)
Source: CVE Database V5
Vendor/Project: Razvan Stanga
Product: Varnish/Nginx Proxy Caching

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3.

AI-Powered Analysis

Last updated: 08/28/2025, 13:50:54 UTC

Technical Analysis

CVE-2025-48360 is a medium-severity vulnerability classified as CWE-79, Improper Neutralization of Input During Web Page Generation, commonly known as Cross-site Scripting (XSS). It affects the Razvan Stanga Varnish/Nginx Proxy Caching product in versions up to 1.8.3. The issue allows Stored XSS, where scripts injected by an attacker are stored persistently on the target server and executed in the context of users who access the affected web pages.

The CVSS 3.1 base score is 5.9, reflecting a medium risk level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L) indicates that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality, integrity, and availability is low in each case (C:L/I:L/A:L).

Stored XSS in proxy caching software like Varnish/Nginx Proxy Caching can allow attackers to inject malicious JavaScript code that executes in the browsers of users accessing cached content, potentially leading to session hijacking, defacement, or redirection to malicious sites. Since the vulnerability requires high privileges and user interaction, exploitation is somewhat limited to trusted users or administrators who can input malicious content that is then served to others. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may require vendor updates or configuration changes once available.

Potential Impact

For European organizations, this vulnerability poses a moderate risk, especially for those relying on Varnish/Nginx Proxy Caching for web acceleration and caching. Exploitation could lead to unauthorized script execution in end-users' browsers, potentially compromising user sessions, leaking sensitive data, or enabling phishing attacks. Organizations in sectors with high web traffic such as e-commerce, finance, and public services could see reputational damage and regulatory scrutiny if user data confidentiality is compromised. The requirement for high privileges to inject malicious input limits the attack surface to insiders or compromised administrators, but the stored nature of the XSS means that once injected, all users accessing the cached content could be affected. This could lead to widespread impact across multiple users and systems. Additionally, the changed scope indicates that the vulnerability could affect multiple components or services relying on the proxy caching layer, increasing the potential blast radius. Given the GDPR environment in Europe, any data leakage or compromise could result in significant fines and legal consequences.

Mitigation Recommendations

European organizations should proactively audit their use of Varnish/Nginx Proxy Caching, ensuring that only trusted administrators have high-level privileges capable of injecting content. Input validation and output encoding should be enforced rigorously on any user-generated content that might be cached or proxied. Until an official patch is released, organizations can consider disabling caching of user-generated content or applying strict Content Security Policies (CSP) to limit the execution of injected scripts. Monitoring and logging of administrative actions and cache content changes can help detect attempts to exploit this vulnerability. Network segmentation and access controls should be tightened to reduce the risk of privilege escalation. Once patches or updates are available from Razvan Stanga or the community, they should be applied promptly. Additionally, web application firewalls (WAFs) can be configured to detect and block common XSS payloads targeting the proxy caching layer.


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-05-19T14:41:42.788Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68b0537ead5a09ad006cfcca

Added to database: 8/28/2025, 1:02:54 PM

Last enriched: 8/28/2025, 1:50:54 PM

Last updated: 10/16/2025, 7:32:16 PM
