CVE-2025-50024 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Truong Thanh ATP Call Now application up to version 1.0.3. Stored XSS occurs when malicious input is improperly neutralized and subsequently stored by the web application, later being served to users without adequate sanitization. This vulnerability allows an attacker with authenticated access (as indicated by the CVSS vector requiring high privileges and user interaction) to inject malicious scripts into web pages generated by the application. When other users view these pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The CVSS 3.1 base score of 5.9 reflects a medium severity level, with network attack vector (AV:N), low attack complexity (AC:L), but requiring high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact on confidentiality, integrity, and availability is low but present, as the attacker can potentially steal sensitive data or manipulate user interactions. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is specific to the ATP Call Now product, which is a communication or call management tool developed by Truong Thanh, likely used in business environments to facilitate customer interactions or internal communications.

For European organizations using ATP Call Now, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data. Attackers with authenticated access could inject malicious scripts that execute in the browsers of other users, potentially leading to credential theft, session hijacking, or unauthorized actions such as data manipulation or fraudulent calls. This could disrupt business communications, damage customer trust, and lead to regulatory compliance issues under GDPR if personal data is compromised. The requirement for high privileges and user interaction limits the ease of exploitation but does not eliminate risk, especially in environments where insider threats or compromised accounts exist. The scope change indicates that the vulnerability could impact multiple components or users beyond the initially affected module, increasing potential damage. Although no exploits are known in the wild, the medium severity and nature of stored XSS warrant proactive mitigation to prevent exploitation, especially in sectors with sensitive communications such as finance, healthcare, and government agencies in Europe.

1. Immediate mitigation should include restricting and monitoring privileged user access to the ATP Call Now application to reduce the risk of malicious input injection. 2. Implement strict input validation and output encoding on all user-supplied data fields within the application to neutralize potentially malicious scripts. 3. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in users' browsers. 4. Conduct regular security audits and penetration testing focused on web application vulnerabilities, particularly XSS, to detect and remediate similar issues. 5. Since no official patch is currently available, consider isolating or limiting the use of ATP Call Now in critical environments until a fix is released. 6. Educate users about phishing and social engineering risks that could lead to credential compromise, which is a prerequisite for exploitation. 7. Monitor logs for unusual activity indicative of attempted XSS exploitation or privilege misuse. 8. Engage with the vendor to obtain timely updates or patches and apply them promptly once available.