CVE-2025-54395: n/a
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
AI Analysis
Technical Summary
CVE-2025-54395 is a cross-site scripting (XSS) vulnerability identified in Netwrix Directory Manager (formerly known as Imanami GroupID) versions prior to 11.1.25162.02. This vulnerability affects the authentication configuration data handling within the application. Specifically, the flaw allows an attacker to inject malicious scripts into the authentication configuration interface or data fields, which are then executed in the context of the victim's browser session. Since Netwrix Directory Manager is used for managing and auditing Active Directory and other identity-related configurations, the presence of an XSS vulnerability in its authentication configuration module can lead to unauthorized script execution. This could allow an attacker to steal session cookies, perform actions on behalf of authenticated users, or manipulate the interface to mislead administrators. The vulnerability does not require prior authentication to exploit, but the exact attack vector (whether it requires user interaction or specific privileges) is not detailed in the provided information. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability was published on August 7, 2025, and affects versions before 11.1.25162.02, indicating that a patch or update addressing this issue is available or forthcoming. However, no direct patch links were provided in the data. Given the nature of the vulnerability, it is primarily a client-side attack vector but can have significant implications in environments where Netwrix Directory Manager is used for critical identity and access management tasks.
Potential Impact
For European organizations, this vulnerability poses a risk to the confidentiality and integrity of authentication management processes. Since Netwrix Directory Manager is often deployed in enterprise environments to manage Active Directory and identity configurations, exploitation could lead to session hijacking or unauthorized actions within the management console. This could result in unauthorized changes to user permissions, exposure of sensitive configuration data, or further lateral movement within the network. The impact is heightened in sectors with strict regulatory requirements such as finance, healthcare, and government, where identity management integrity is critical. Additionally, compromised authentication configuration could undermine compliance with GDPR and other data protection regulations, potentially leading to legal and financial repercussions. Although no active exploits are known, the presence of an XSS vulnerability in a privileged management tool warrants prompt attention to prevent potential targeted attacks, especially in environments with high-value assets and sensitive data.
Mitigation Recommendations
European organizations using Netwrix Directory Manager should immediately verify their software version and upgrade to version 11.1.25162.02 or later where the vulnerability is addressed. In the absence of an official patch, organizations should consider implementing web application firewalls (WAFs) with rules to detect and block XSS payloads targeting the management interface. Administrators should enforce strict input validation and sanitization on any custom scripts or integrations interacting with the authentication configuration data. Additionally, restricting access to the Netwrix Directory Manager interface to trusted networks and using multi-factor authentication (MFA) can reduce the risk of exploitation. Regular security audits and monitoring for unusual activity within the management console are recommended to detect potential exploitation attempts. Educating administrators about the risks of XSS and safe browsing practices when accessing the management interface can further mitigate risks. Finally, organizations should maintain an incident response plan tailored to identity management compromise scenarios.
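The version check from the first recommendation, as an added example (not Netwrix's or this page's own code): it sorts an inventory of reported versions against the range the advisory gives, 11.0.0.0 up to but not including 11.1.25162.02. The host names and versions are constructed sample data, and comparing each dotted component numerically (so .02 equals .2) is an assumption about the product's version scheme.

```python
import re

# Range from the advisory: 11.0.0.0 up to, but not including, 11.1.25162.02.
FIRST_AFFECTED = (11, 0, 0, 0)
FIRST_FIXED = (11, 1, 25162, 2)   # assumption: components compare as integers
_VERSION_RE = re.compile(r"\d+(\.\d+){1,3}")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted version."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    parts = [int(p) for p in text.split(".")]     # int() drops the padding in "02"
    return tuple(parts + [0] * (4 - len(parts)))  # "11.1" is read as 11.1.0.0

def classify(version_text):
    """Map a reported version to 'affected', 'fixed', 'not-in-range' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"       # needs a manual check; never assume patched
    if v >= FIRST_FIXED:
        return "fixed"
    if v >= FIRST_AFFECTED:
        return "affected"
    return "not-in-range"      # older than 11.0.0.0: the advisory makes no statement

def triage(inventory_lines):
    """Group 'host,version' lines by status; lines without a usable version are 'unknown'."""
    report = {"affected": [], "fixed": [], "not-in-range": [], "unknown": []}
    for line in filter(str.strip, inventory_lines):   # skip blank lines
        host, _, version = line.partition(",")
        report[classify(version)].append(host.strip())
    return report

# Constructed inventory: host names and versions are made up for this example.
SAMPLE_INVENTORY = [
    "idm-01.example.test,11.0.0.0",
    "idm-02.example.test,11.1.25162.01",
    "idm-03.example.test,11.1.25162.2",
    "idm-04.example.test,10.2.1.5",
    "idm-05.example.test,11.1.x",
    "idm-06.example.test",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown or not-in-range need a manual look rather than being counted as patched.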
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-07-21T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6894d8b1ad5a09ad00fb13fd
Added to database: 8/7/2025, 4:47:45 PM
Last enriched: 8/7/2025, 5:04:50 PM
Last updated: 8/11/2025, 12:33:51 AM