CVE-2025-53338 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability identified in the software product 're.place' developed by the vendor 'dor'. This vulnerability is classified under CWE-352, which pertains to CSRF attacks. The issue affects versions up to 0.2.1, although the exact range of affected versions is not fully specified. The vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user without their consent. Specifically, this CSRF flaw enables the injection of Stored Cross-Site Scripting (XSS) payloads, which means that malicious scripts can be permanently stored on the target server and executed in the context of users visiting the affected application. The CVSS v3.1 base score is 7.1, indicating a high severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) reveals that the attack can be performed remotely over the network without privileges or authentication, requires low attack complexity, but does require user interaction (such as clicking a crafted link). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact includes low confidentiality loss, low integrity loss, and low availability loss, but combined with the stored XSS, the overall risk is significant. No patches or known exploits in the wild have been reported at the time of publication (June 27, 2025).

For European organizations using the 're.place' software, this vulnerability poses a significant risk. The ability to exploit CSRF to inject stored XSS payloads can lead to session hijacking, credential theft, unauthorized actions, and potential lateral movement within the network. Confidentiality and integrity of user data can be compromised, and availability may be affected if attackers use the vulnerability to disrupt services. Given the remote exploitability without authentication, attackers can target users through phishing or malicious websites to trigger the CSRF attack. Organizations in sectors with high reliance on web applications, such as finance, healthcare, and government, could face data breaches, reputational damage, and regulatory penalties under GDPR if personal data is exposed or manipulated. The stored XSS aspect increases the persistence and impact of the attack, as malicious scripts can affect multiple users over time.

To mitigate this vulnerability, organizations should implement anti-CSRF tokens in all state-changing requests within the 're.place' application to ensure that requests are legitimate and originate from authenticated users. Additionally, input validation and output encoding should be enforced rigorously to prevent stored XSS payloads from being injected or executed. Employing Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting the sources from which scripts can be loaded. Organizations should monitor and audit user actions and logs for unusual activities that may indicate exploitation attempts. Since no official patches are currently available, consider applying virtual patching via Web Application Firewalls (WAFs) configured to detect and block CSRF and XSS attack patterns targeting 're.place'. User education on phishing and safe browsing practices can reduce the likelihood of successful user interaction required for exploitation. Finally, maintain an incident response plan to quickly address any detected exploitation.