
CVE-2025-51502: n/a

Severity: Medium
Tags: vulnerability, cve, cve-2025-51502
Published: Fri Aug 01 2025 (08/01/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.

AI-Powered Analysis

AI analysis last updated: 08/01/2025, 17:02:54 UTC

Technical Analysis

CVE-2025-51502 is a reflected Cross-Site Scripting (XSS) vulnerability identified in Microweber CMS version 2.0. The vulnerability arises from improper sanitization or validation of the 'layout' parameter on the /admin/page/create page. When an authenticated administrator accesses this page with a specially crafted 'layout' parameter, arbitrary JavaScript code can be executed within the context of the admin user's browser session. This type of reflected XSS attack does not persist on the server but is triggered when the malicious link is visited. Because the vulnerability affects the administrative interface, successful exploitation could allow attackers to hijack admin sessions, steal authentication tokens, perform unauthorized actions within the CMS, or pivot to further attacks within the affected environment. The lack of a CVSS score and absence of known exploits in the wild suggest this vulnerability is newly disclosed and may not yet be widely exploited. However, the threat is significant given the administrative privileges involved and the potential for complete compromise of the CMS and its hosted content. The vulnerability is specific to Microweber CMS 2.0, a content management system used for website creation and management. No patch or mitigation links are currently provided, indicating that remediation may require vendor action or manual mitigation steps by administrators.

Potential Impact

For European organizations using Microweber CMS 2.0, this vulnerability poses a serious risk to the confidentiality, integrity, and availability of their web content and administrative controls. Exploitation could lead to unauthorized access to sensitive administrative functions, enabling attackers to modify website content, inject malicious scripts for further attacks on site visitors, or exfiltrate sensitive data. This could damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR breaches if personal data is exposed), and disrupt business operations. Since the vulnerability requires an authenticated admin user to trigger, the impact is somewhat limited to environments where attackers can trick or coerce administrators into clicking malicious links or where admin credentials are compromised. However, given the administrative context, the consequences of exploitation are severe. European organizations with public-facing websites or intranet portals managed via Microweber CMS are particularly at risk, especially those in sectors with high regulatory scrutiny or critical online presence.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately review and restrict access to the /admin/page/create page to trusted administrators only, ideally behind VPNs or secure network segments. Administrators should be trained to avoid clicking on suspicious links and to verify URLs before accessing admin pages. Implementing Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting the execution of unauthorized scripts. Organizations should monitor web server and application logs for unusual requests involving the 'layout' parameter and suspicious admin page access patterns. Until an official patch is released by Microweber, consider applying web application firewall (WAF) rules to detect and block malicious payloads targeting the 'layout' parameter. Regularly update and audit CMS plugins and extensions to minimize additional attack surfaces. Finally, enforce strong authentication mechanisms such as multi-factor authentication (MFA) for admin accounts to reduce the risk of credential compromise.
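As an added illustration of the log-monitoring recommendation above (example code written for this page, not Microweber's or the advisory's own), the script below scans constructed access-log lines for requests to /admin/page/create whose layout value is not a plain template name. It assumes the parameter arrives in the query string of a GET request, which the advisory does not state, and treats anything outside an allowlist of identifier characters as worth reviewing.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format); not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /admin/page/create?layout=default HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Aug/2025:10:00:07 +0000] "GET /admin/page/create?layout=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5180 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Aug/2025:10:01:15 +0000] "GET /admin/page/edit?layout=news HTTP/1.1" 200 4900 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Aug/2025:10:02:30 +0000] "GET /admin/page/create?layout=blog%22%3E%3Cimg%20src%3Dx%3E HTTP/1.1" 200 5170 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: a legitimate layout value is a template name, so an allowlist of
# identifier characters is safer than a denylist of known payload fragments.
SAFE_LAYOUT = re.compile(r'^[A-Za-z0-9_.\-]+$')
WATCHED_PATH = "/admin/page/create"


def find_suspicious_layout_requests(log_text: str) -> list[dict]:
    """Return one record per request to the watched path whose layout value fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        parts = urlsplit(m.group("target"))
        if parts.path != WATCHED_PATH:
            continue
        # parse_qs decodes one layer of percent-encoding; unquote again so a
        # double-encoded value is judged on what the browser would finally see.
        for value in parse_qs(parts.query, keep_blank_values=True).get("layout", []):
            decoded = unquote(value)
            if not SAFE_LAYOUT.fullmatch(decoded):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "layout": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_layout_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} suspicious layout={hit['layout']!r}")
```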


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 688cefb0ad5a09ad00ca6acd

Added to database: 8/1/2025, 4:47:44 PM

Last enriched: 8/1/2025, 5:02:54 PM

Last updated: 8/2/2025, 6:43:42 AM

