CVE-2025-49035: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in chaimchaikin Admin Menu Groups
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through 0.1.2.
AI Analysis
Technical Summary
CVE-2025-49035 is a stored cross-site scripting (XSS) vulnerability, CWE-79, in the Admin Menu Groups plugin by chaimchaikin, affecting all versions up to and including 0.1.2. The CVE was assigned by Patchstack, whose CNA scope is the WordPress plugin ecosystem, so a PHP plugin rendering admin pages is the likely setting, although the page itself does not name the platform. Stored XSS arises when user-controlled input is written to persistent storage and later emitted into a page without output encoding for the context it lands in, so the payload executes in the browser of every user who views that page. Here the affected input is the menu-group data that a privileged user configures; the public description does not name the exact field, but the pattern is a group name or label saved once and rendered on every admin page load. The CVSS v3.1 base score is 5.9 (medium) with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L: reachable over the network with low complexity, but the attacker needs a high-privilege account (PR:H) and a victim must load the page that holds the payload (UI:R). The changed scope (S:C) is the usual XSS reasoning: the vulnerable component is the server-side plugin, while the impact lands in the victim's browser, a different security authority. In practice the bug matters where privileged roles are not equivalent, for example when a lower-tier administrator, a contractor, or a compromised admin account plants a payload that later fires in the session of a higher-tier account; in that session the script can issue requests with the victim's privileges, read whatever the page renders, and exfiltrate it, which is how a stored XSS turns into session abuse or privilege escalation. No exploit in the wild is known and no patch is linked on this page. The CVE was reserved on May 30, 2025 and published on August 27, 2025.
Potential Impact
Organizations running the Admin Menu Groups plugin are exposed mainly where several people hold high-privilege accounts, since a payload stored by one privileged user executes in the browser of every other privileged user who opens the affected admin page. Script running in an administrator's session can submit any request that administrator can, which on an admin panel typically means creating accounts, changing settings, or installing components, and it can read anything rendered in the page; the S:C component of the vector reflects that the impact lands in the victim's browser rather than in the plugin itself. Because the attacker already needs high privileges, the realistic threat is a compromised or malicious privileged account being used to reach accounts with still broader rights, or to leave a persistent foothold that survives the original account's removal. For European organizations in finance, healthcare, government, or critical infrastructure, abuse of an administrative session can expose or alter personal data and so carry GDPR notification and compliance consequences in addition to the operational disruption.
Mitigation Recommendations
1. Restrict who can edit Admin Menu Groups settings to the smallest set of high-privilege accounts, and review that set; the attacker must already hold such an account.
2. Fix the root cause in the plugin code: encode stored menu-group values at output time for the context they are rendered into (HTML text versus attribute value), rather than relying on input filtering alone. Validation on the save path is a useful second layer, not a replacement.
3. Audit the stored menu-group configuration for script tags, event-handler attributes (on*) and javascript: URLs. A payload already present means a privileged account has been misused and should trigger incident response, not just cleanup.
4. Apply least privilege to administrative accounts, including separate accounts for day-to-day work, so that a compromised session has limited reach.
5. No patched version is linked on this page; check the plugin's release channel for a version later than 0.1.2 and, if none exists, apply the output-encoding fix locally or remove the plugin.
6. Deploy a Content Security Policy that disallows inline script on the admin pages concerned (no 'unsafe-inline' in script-src; a nonce or hash for legitimate inline scripts). Test it first, because admin interfaces often depend on inline scripts.
7. Brief administrators that a stored XSS fires simply by opening the affected admin page, so an unexpected change to menu-group settings is itself a signal to report.
8. Keep plugins and dependencies inventoried and updated so that a fix is applied promptly once released.
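The following is an added example, not the plugin's own code and written in Python rather than the plugin's language, to show the CWE-79 pattern described in the technical summary together with items 2 and 3 of the mitigation list: a renderer that concatenates a stored group name into markup, a common but insufficient fix, the output-encoding fix, and an audit over stored values. The group names, the `<li>` markup, the function names and the STORED_GROUP_NAMES table are all constructed for illustration; the real plugin's field names, storage and templates are not on this page.

```python
"""Stored XSS in a menu-group label: the CWE-79 pattern, an insufficient fix,
the output-encoding fix, and an audit of already-stored values.
Constructed example; it does not reproduce the plugin's own code."""
import html
import re
from html.parser import HTMLParser

# Constructed stored values, as a privileged user might save them through an
# admin "group name" field. "Shop" and "Users" carry payloads; the others are benign.
STORED_GROUP_NAMES = {
    "Content": "Posts & Pages",
    "Shop": "<script>alert(document.cookie)</script>",
    "Users": '" onmouseover="alert(1)',
    "Tools": "Import & Export (beta)",
}


def render_group_vulnerable(name: str) -> str:
    """The CWE-79 pattern: a stored string concatenated straight into markup,
    once inside a double-quoted attribute and once as a text node."""
    return f'<li class="menu-group" data-name="{name}"><span>{name}</span></li>'


def strip_angle_brackets(name: str) -> str:
    """A common but insufficient 'fix': dropping < and > before rendering.
    It defeats a <script> tag but not a quote-based attribute breakout."""
    return re.sub(r"[<>]", "", name)


def render_group_hardened(name: str) -> str:
    """Output encoding at the point of rendering. html.escape(quote=True)
    encodes <, >, &, " and ', which covers both the double-quoted attribute
    context and the text-node context used here. (Assumption: if the plugin
    is a WordPress/PHP plugin, the equivalents are esc_attr() and esc_html().)"""
    safe = html.escape(name, quote=True)
    return f'<li class="menu-group" data-name="{safe}"><span>{safe}</span></li>'


class _MarkupInspector(HTMLParser):
    """Tokenises rendered HTML the way a browser would and records start tags
    and on* event-handler attributes, the two things that yield script execution."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handler_attrs: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for key, _value in attrs:
            if key.lower().startswith("on"):
                self.handler_attrs.append(key.lower())


def executes_script(rendered: str) -> bool:
    """True if the rendered fragment contains a <script> element or an on*
    event-handler attribute, i.e. the stored value became live markup."""
    inspector = _MarkupInspector()
    inspector.feed(rendered)
    inspector.close()
    return "script" in inspector.tags or bool(inspector.handler_attrs)


def audit_stored_names(stored: dict[str, str]) -> list[str]:
    """Audit step for an existing installation: which stored group names would
    already execute under the vulnerable renderer. Output encoding makes them
    inert going forward, but their presence is evidence of a misused account."""
    return [key for key, name in stored.items()
            if executes_script(render_group_vulnerable(name))]


if __name__ == "__main__":
    for key, name in STORED_GROUP_NAMES.items():
        print(f"{key:8s} vulnerable={executes_script(render_group_vulnerable(name))!s:5} "
              f"stripped={executes_script(render_group_vulnerable(strip_angle_brackets(name)))!s:5} "
              f"hardened={executes_script(render_group_hardened(name))}")
    print("stored payloads:", audit_stored_names(STORED_GROUP_NAMES))
```

Run stand-alone, the script shows that the angle-bracket strip neutralises the "Shop" payload but leaves the "Users" attribute breakout intact, that the encoded renderer neutralises both, and that the audit lists exactly the two stored entries that carry payloads. The inspector deliberately parses the output rather than grepping the input: whether a string is dangerous depends on the markup context it is emitted into, which is the point of encoding at output time.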
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-05-30T14:04:14.280Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 8/27/2025, 3:32:49 AM
Last enriched: 8/27/2025, 3:48:06 AM
Last updated: 8/27/2025, 3:48:06 AM