CVE-2025-52204 is a Cross-Site Scripting (XSS) vulnerability identified in Znuny::ITSM version 6.5.x, an open-source IT service management software widely used for handling customer support and IT operations. The vulnerability exists in the customer.pl endpoint, specifically through the OTRSCustomerInterface parameter, which fails to properly sanitize user-supplied input. This flaw allows attackers to inject malicious JavaScript code that executes within the context of the victim's browser session when the crafted input is processed and rendered. Since the vulnerability is in a customer-facing endpoint, it can be exploited without authentication, increasing the attack surface. The absence of a CVSS score indicates that the vulnerability has not yet been fully assessed for severity, but the nature of XSS vulnerabilities typically impacts confidentiality and integrity by enabling session hijacking, credential theft, or unauthorized actions on behalf of the user. No patches or known exploits have been reported at the time of publication, but the vulnerability's presence in a critical ITSM platform means that exploitation could disrupt service management workflows and compromise sensitive organizational data. The vulnerability highlights the importance of robust input validation and output encoding in web applications, especially those handling customer interactions.

The primary impact of CVE-2025-52204 is the potential compromise of user confidentiality and integrity through the execution of malicious scripts in users' browsers. Attackers exploiting this XSS vulnerability could steal session cookies, perform actions on behalf of legitimate users, or redirect users to malicious sites, leading to data breaches or further compromise. For organizations relying on Znuny::ITSM for IT service management, this could result in unauthorized access to sensitive support tickets, customer data, or internal workflows. The vulnerability could also damage organizational reputation and trust if customer data is exposed or manipulated. Although availability impact is limited, the indirect effects of exploitation, such as phishing or malware delivery, could lead to broader security incidents. The lack of authentication requirement and the exposure through a customer-facing endpoint increase the likelihood of exploitation attempts, especially in environments with high customer interaction. Organizations worldwide using Znuny::ITSM 6.5.x are at risk, particularly those in sectors with stringent data protection requirements.

To mitigate CVE-2025-52204, organizations should immediately review and sanitize all inputs to the OTRSCustomerInterface parameter in the customer.pl endpoint. Implement strict input validation to reject or neutralize potentially malicious characters and apply context-appropriate output encoding to prevent script execution. If available, apply official patches or updates from Znuny::ITSM maintainers as soon as they are released. In the absence of patches, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block XSS payloads targeting this parameter. Conduct thorough security testing, including automated and manual penetration tests, focusing on the customer-facing interfaces. Educate users and administrators about the risks of XSS and encourage the use of security headers such as Content Security Policy (CSP) to reduce the impact of potential script injection. Regularly monitor logs for suspicious activity related to the customer.pl endpoint and prepare incident response plans to quickly address any exploitation attempts. Finally, consider isolating or restricting access to the vulnerable endpoint if feasible until a permanent fix is applied.