CVE-2025-51864: n/a
A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn) through 2025-05-27, allowing attackers to hijack accounts through stolen JWT tokens.
AI Analysis
Technical Summary
CVE-2025-51864 is a reflected cross-site scripting (XSS) vulnerability identified in the AIBOX LLM chat platform (chat.aibox365.cn). This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Specifically, the flaw enables attackers to hijack user accounts by stealing JSON Web Tokens (JWTs), which are commonly used for authentication and session management. Reflected XSS occurs when untrusted user input is immediately returned by a web application without proper sanitization or encoding, allowing an attacker to craft a malicious URL or input that executes arbitrary JavaScript in the victim's browser context. The stolen JWT tokens can then be used to impersonate the victim, gaining unauthorized access to their account and potentially sensitive data. The vulnerability is present through at least May 27, 2025, and no patches or fixes have been publicly disclosed yet. No CVSS score is available, and there are no known exploits in the wild at this time. The lack of version information suggests the vulnerability may affect all or unspecified versions of the AIBOX LLM chat service. Given the nature of reflected XSS and JWT token theft, the vulnerability poses a significant risk to user confidentiality and integrity of sessions on the affected platform.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on the adoption and use of the AIBOX LLM chat platform within their operations. If used for internal communication, customer interaction, or integrated into business processes, exploitation could lead to unauthorized access to sensitive conversations, intellectual property, or personal data protected under GDPR. Account hijacking through stolen JWT tokens could allow attackers to impersonate legitimate users, potentially leading to data breaches, fraud, or lateral movement within corporate networks. The reflected XSS nature means exploitation requires user interaction, typically by tricking users into clicking malicious links, which could be facilitated through phishing campaigns targeting European employees or customers. The absence of known exploits suggests limited current risk, but the vulnerability remains a latent threat until remediated. Additionally, if the platform is used by European entities in regulated sectors such as finance, healthcare, or government, the consequences of data compromise could include regulatory penalties and reputational damage.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first assess whether they use the AIBOX LLM chat platform and identify affected instances. Immediate mitigation steps include implementing web application firewall (WAF) rules to detect and block reflected XSS attack patterns targeting the chat service. Organizations should educate users about the risks of clicking untrusted links and encourage vigilance against phishing attempts. On the development side, the vendor or internal teams should implement proper input validation and output encoding to neutralize malicious scripts, specifically sanitizing all user-controllable inputs reflected in responses. Employing Content Security Policy (CSP) headers can help restrict the execution of unauthorized scripts in browsers. Additionally, monitoring for unusual authentication token usage or session anomalies can help detect potential account hijacking attempts. Until a patch is available, restricting access to the chat platform to trusted networks or VPNs can reduce exposure. Finally, organizations should maintain incident response readiness to quickly address any exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 687fa432a83201eaac1ce8e6
Added to database: 7/22/2025, 2:46:10 PM
Last enriched: 7/22/2025, 3:01:35 PM
Last updated: 7/23/2025, 12:39:45 AM
Related Threats
- CVE-2025-42947: CWE-94: Improper Control of Generation of Code in SAP_SE SAP FICA ODN framework (Medium)
- CVE-2025-7722: CWE-272 Least Privilege Violation in steverio Social Streams (High)
- CVE-2025-6261: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in fleetwire Fleetwire Fleet Management (Medium)
- CVE-2025-6215: CWE-862 Missing Authorization in omnishop Omnishop – Mobile shop apps complementing your WooCommerce webshop (Medium)
- CVE-2025-6214: CWE-352 Cross-Site Request Forgery (CSRF) in omnishop Omnishop – Mobile shop apps complementing your WooCommerce webshop (Medium)