CVE-2025-57244: n/a
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags, and the Email field is vulnerable when the POST request is modified to include encoded script tags, bypassing frontend validation.
AI Analysis
Technical Summary
CVE-2025-57244 identifies a stored cross-site scripting (XSS) vulnerability in OpenKM Community Edition 6.3.12, specifically within the user account creation interface. The vulnerability arises because the Name input field accepts script tags without proper sanitization, and the Email field can be exploited by attackers who modify the POST request to include encoded script tags, effectively bypassing frontend validation mechanisms. This stored XSS flaw allows malicious scripts to be saved on the server and executed in the browsers of users who view the affected pages, potentially leading to session hijacking, credential theft, or unauthorized actions performed with the victim’s privileges. The vulnerability does not require prior authentication, increasing its risk profile. Although no known exploits have been reported in the wild, the lack of server-side input validation and the ability to bypass client-side checks make exploitation feasible. The absence of a CVSS score necessitates an assessment based on the vulnerability’s characteristics: it impacts confidentiality and integrity significantly, is easy to exploit, and affects a widely used document management platform. OpenKM is used primarily for enterprise content and document management, often in environments where sensitive business information is stored and shared, increasing the potential impact of successful exploitation. The vulnerability was published in November 2025, with no patches currently available, emphasizing the need for immediate mitigation efforts.
Potential Impact
For European organizations, the impact of this stored XSS vulnerability can be substantial. Exploitation could lead to unauthorized access to sensitive documents, theft of user credentials, and session hijacking, which in turn could compromise the confidentiality and integrity of corporate data. Given that OpenKM is a document management system, attackers could leverage this vulnerability to escalate privileges or move laterally within an organization’s network. The stored nature of the XSS means that any user accessing the compromised interface could be affected, increasing the attack surface. This is particularly concerning for organizations with multiple users or public-facing portals. Additionally, exploitation could facilitate phishing or social engineering attacks by injecting malicious content into trusted environments. The absence of known exploits in the wild currently limits immediate risk, but the vulnerability’s characteristics suggest a high potential for damage if weaponized. Compliance with European data protection regulations such as GDPR could also be jeopardized if sensitive personal data is exposed or manipulated due to this vulnerability.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should implement strict server-side input validation and sanitization for all user inputs, especially in the user account creation interface. Relying solely on frontend validation is insufficient, as attackers can bypass these controls by modifying POST requests. Organizations should monitor for updates or patches from OpenKM and apply them promptly once available. In the interim, consider implementing web application firewalls (WAFs) with rules designed to detect and block malicious script injections targeting the affected fields. Conduct regular security assessments and penetration tests focusing on input validation weaknesses. Educate users and administrators about the risks of XSS and encourage cautious behavior when interacting with user-generated content. If feasible, restrict access to the user account creation interface to trusted users or internal networks to reduce exposure. Logging and monitoring for suspicious activities related to account creation or unusual script execution can also help detect exploitation attempts early.
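The server-side check and monitoring recommended above can be sketched as an audit over submitted or stored account records. This is an added example, not OpenKM code; the allowlist patterns, the record layout and the sample data are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Assumed policy (not OpenKM's): conservative allowlists for the two fields.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
NAME_RE = re.compile(r"[^\W\d_][\w .,'-]{0,63}")
MARKUP_RE = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def canonicalize(value, max_rounds=5):
    """Undo percent- and HTML-entity encoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def check_field(field, raw):
    """Return the findings for one submitted or stored field value."""
    findings = []
    canon = canonicalize(raw)
    if canon != raw:
        findings.append("encoded")   # value arrived percent- or entity-encoded
    if MARKUP_RE.search(canon):
        findings.append("markup")    # tag or handler syntax after decoding
    pattern = EMAIL_RE if field == "email" else NAME_RE
    if not pattern.fullmatch(canon):
        findings.append("format")    # fails the server-side allowlist
    return findings

def audit(records):
    """Map user id -> {field: findings} for every record with a finding."""
    report = {}
    for rec in records:
        bad = {f: r for f in ("name", "email") if (r := check_field(f, rec[f]))}
        if bad:
            report[rec["id"]] = bad
    return report

# Constructed sample records, as they might be exported from a user table.
SAMPLE = [
    {"id": "alice", "name": "Alice Martin", "email": "alice@example.org"},
    {"id": "u2", "name": "<script>alert(1)</script>", "email": "u2@example.org"},
    {"id": "u3", "name": "Bob", "email": "%3Cscript%3Ealert(1)%3C/script%3E@example.org"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Decoding before matching is what catches the encoded Email case: the raw value contains no angle brackets until it is canonicalized.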
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 690b8077ffac907e5bea79c0
Added to database: 11/5/2025, 4:51:03 PM
Last enriched: 11/5/2025, 5:07:47 PM
Last updated: 11/6/2025, 11:23:41 AM