CVE-2025-54789 is a medium severity vulnerability classified under CWE-80, which pertains to improper neutralization of script-related HTML tags, commonly known as a Cross-Site Scripting (XSS) vulnerability. This specific issue affects the 'cfiles' module of the HumHub platform, a social collaboration software used for managing files within spaces and user profiles. The vulnerability exists in versions 0.16.9 and earlier of the cfiles module. The root cause is the lack of proper input validation or sanitization in the File Move functionality, which allows an attacker to inject arbitrary JavaScript code. When a user interacts with the affected functionality, the malicious script executes in the context of their browser session, potentially leading to session hijacking, unauthorized actions, or data theft. The vulnerability requires no authentication (PR:L means low privileges required), and no user interaction is strictly necessary for exploitation, but UI:P indicates some user interaction is involved, such as clicking or navigating to a maliciously crafted file move operation. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N) indicates network attack vector, low attack complexity, no attack or user privileges needed beyond low, partial user interaction, and limited scope impact. The vulnerability does not affect confidentiality, integrity, or availability directly but impacts session security and user trust. The issue was fixed in version 0.16.10 of the cfiles module. No known exploits are reported in the wild as of the publication date, August 1, 2025.

For European organizations using HumHub with the vulnerable cfiles module, this XSS vulnerability could lead to targeted attacks where malicious actors inject scripts to hijack user sessions or perform unauthorized actions under the guise of legitimate users. This is particularly critical in environments where HumHub is used for sensitive collaboration, file sharing, or internal communications. The exploitation could result in data leakage, unauthorized access to confidential files, or the spread of malware within the organization. Since the vulnerability requires some user interaction, phishing or social engineering campaigns could be used to trick users into triggering the exploit. The impact is heightened in sectors with strict data protection regulations such as GDPR, where unauthorized data exposure can lead to legal and financial penalties. Additionally, compromised user sessions could facilitate lateral movement within the network, increasing the risk of broader compromise.

European organizations should immediately upgrade the HumHub cfiles module to version 0.16.10 or later, where the vulnerability is patched. Until the upgrade is applied, organizations should implement strict input validation and output encoding on all user-supplied data related to file operations within HumHub, if possible. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the platform. Conduct user awareness training to recognize and avoid phishing attempts that could trigger the exploit. Monitor logs for unusual file move operations or suspicious user activity within HumHub. Network segmentation and limiting access to the HumHub platform to trusted users can reduce exposure. Finally, consider deploying Web Application Firewalls (WAFs) with rules targeting XSS attack patterns specific to HumHub's cfiles module.