CVE-2025-54965: n/a
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary JavaScript in the victim's browser.
AI Analysis
Technical Summary
CVE-2025-54965 is a cross-site scripting (XSS) vulnerability identified in BAE Systems' SOCET GXP software prior to version 4.6.0.2. SOCET GXP is a geospatial analysis and imagery exploitation tool widely used in defense, intelligence, and aerospace sectors. The vulnerability resides in the Job Status Service component, where the job ID parameter is not properly sanitized before being reflected on the job status page. This improper input validation allows an attacker to craft a malicious URL containing executable JavaScript code. When a user, typically an analyst or operator, is socially engineered into clicking this malicious link, the embedded script executes within the context of their browser session. This can lead to theft of session cookies, unauthorized actions performed on behalf of the user, or the injection of further malicious payloads. The attack vector requires user interaction, specifically clicking a link, and does not appear to require authentication to trigger the vulnerability. No public exploits have been reported yet, and no official CVSS score has been assigned. The lack of patches currently available necessitates interim mitigations. The vulnerability primarily threatens confidentiality and integrity of user sessions and data processed by SOCET GXP, with limited direct impact on system availability. Given SOCET GXP's critical role in sensitive geospatial intelligence workflows, exploitation could lead to significant operational disruption or data compromise.
Potential Impact
For European organizations, especially those in defense, aerospace, and intelligence sectors, this vulnerability poses a risk of unauthorized access to sensitive geospatial data and operational information. Exploitation could enable attackers to hijack user sessions, steal credentials, or manipulate job status data, potentially undermining mission-critical analyses. The impact on confidentiality is significant as attackers could access or exfiltrate sensitive information. Integrity could also be compromised if attackers alter job statuses or inject malicious scripts that affect data processing. Availability impact is minimal as the vulnerability does not directly disrupt system operations. However, successful exploitation could lead to loss of trust in the software and operational delays. Organizations relying on SOCET GXP for geospatial intelligence or defense-related tasks may face increased risk of espionage or sabotage. The requirement for social engineering reduces the likelihood of widespread automated exploitation but does not eliminate targeted attacks against high-value users.
Mitigation Recommendations
1. Apply official patches or updates from BAE Systems as soon as they become available to address the input sanitization flaw.
2. Implement strict input validation and output encoding on the job ID parameter within SOCET GXP or any proxy layers to prevent script injection.
3. Employ web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting the job status service.
4. Conduct user awareness training focused on recognizing and avoiding phishing and social engineering attempts, emphasizing the risks of clicking unsolicited links.
5. Restrict access to the SOCET GXP Job Status Service to trusted networks and users where possible, reducing exposure to external attackers.
6. Monitor logs for unusual URL access patterns or suspicious job ID parameters that may indicate attempted exploitation.
7. Consider implementing Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the browser context.
8. Review and harden browser security settings for users of SOCET GXP to mitigate impact of potential XSS attacks.
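The validation, output-encoding and log-monitoring recommendations above can share one allow-list check. The following is an added example, not BAE or SOCET GXP code: the `/jobstatus` path, the `jobId` parameter name and the job ID format are assumptions, and the log lines are constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: job IDs are short alphanumeric/hyphen tokens; adjust to the real format.
JOB_ID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")
JOB_ID_PARAM = "jobId"  # hypothetical parameter name, not taken from the product


def is_valid_job_id(value: str) -> bool:
    """Allow-list validation: accept only a plain token, reject everything else."""
    return JOB_ID_RE.fullmatch(value) is not None


def render_job_status(job_id: str) -> str:
    """Validate first, then HTML-encode on output as defence in depth."""
    if not is_valid_job_id(job_id):
        return "<p>Invalid job ID.</p>"  # never echo the rejected value
    return f"<p>Status for job {html.escape(job_id, quote=True)}</p>"


def suspicious_requests(log_lines):
    """Return (line_no, decoded_value) for requests whose job ID fails the allow-list."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes, so encoded markup is compared in decoded form.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == JOB_ID_PARAM and not is_valid_job_id(value):
                hits.append((n, value))
    return hits


# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Oct/2025:17:40:01 +0000] "GET /jobstatus?jobId=7f3a-0042 HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Oct/2025:17:41:13 +0000] "GET /jobstatus?jobId=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '10.0.0.7 - - [27/Oct/2025:17:42:30 +0000] "GET /jobstatus?jobId=42%22%20onload%3D%22x HTTP/1.1" 200 530',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected job ID {value!r}")
```

Because the check is an allow-list rather than a signature match, double-encoded or novel payloads are flagged as well: anything containing `%`, quotes or angle brackets after decoding fails the pattern.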
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-04T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ffadeaba6dffc5e2050680
Added to database: 10/27/2025, 5:37:46 PM
Last enriched: 10/27/2025, 5:52:44 PM
Last updated: 10/27/2025, 7:46:57 PM