
CVE-2025-57244: n/a

Medium
Published: Wed Nov 05 2025 (11/05/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags, and the Email field is vulnerable when the POST request is modified to include encoded script tags, bypassing frontend validation.

AI-Powered Analysis

Last updated: 11/12/2025, 17:15:03 UTC

Technical Analysis

CVE-2025-57244 is a stored cross-site scripting (XSS) vulnerability identified in OpenKM Community Edition version 6.3.12, a widely used open-source document management system. The vulnerability arises from insufficient input sanitization in the user account creation interface. Specifically, the Name field allows direct insertion of script tags, while the Email field can be exploited by sending a modified POST request containing encoded script tags, which bypass frontend validation controls. This flaw enables an attacker with at least low privileges (PR:L) to inject malicious JavaScript code that is stored on the server and executed in the browsers of other users who view the affected pages, leading to potential session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability requires user interaction (UI:R) and has a scope change (S:C), meaning the attack can affect resources beyond the vulnerable component. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) reflects that the attack can be performed remotely over the network with low attack complexity, requires some privileges and user interaction, and impacts confidentiality and integrity but not availability. No official patches or exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly to prevent exploitation.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of sensitive information managed within OpenKM. Since OpenKM is used for document and content management, exploitation could lead to unauthorized access to confidential documents, theft of user credentials, or manipulation of user sessions. This could result in data breaches, compliance violations (e.g., GDPR), and reputational damage. The requirement for user interaction and low privileges reduces the likelihood of widespread automated exploitation, but targeted attacks against high-value users or administrators remain a concern. The absence of availability impact means service disruption is unlikely, but the integrity and confidentiality risks are significant enough to warrant immediate attention. Organizations relying on OpenKM for critical document workflows should consider this vulnerability a priority for remediation to maintain secure operations.

Mitigation Recommendations

To mitigate CVE-2025-57244, organizations should implement the following specific measures:

1) Immediately review and restrict user privileges to minimize the number of users who can create accounts or input data into vulnerable fields.
2) Apply strict server-side input validation and sanitization on all user-supplied data, especially in the Name and Email fields, to neutralize script tags and encoded payloads.
3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context.
4) Monitor logs for suspicious POST requests with encoded or unusual payloads targeting the account creation interface.
5) Educate users to be cautious of unexpected prompts or links that could trigger malicious scripts.
6) If possible, upgrade to a patched version of OpenKM once available or apply community-provided patches or workarounds.
7) Conduct regular security assessments and penetration tests focusing on web input validation and XSS vulnerabilities.

These steps go beyond generic advice by emphasizing server-side controls, privilege management, and proactive monitoring tailored to this vulnerability's characteristics.
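Measures 2 and 4 can share one server-side check, sketched here in Python as an added example (not OpenKM code and not part of the original advisory): it strips nested encoding from each submitted field before testing for markup, validates against an allow-list, and output-encodes on render. The form field names `name` and `email`, the allow-list patterns and the sample bodies are assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, unquote

# Allow-lists are assumptions for this sketch, not OpenKM's own rules.
RULES = {
    "name": re.compile(r"[^\W\d_][\w .'\-]{0,63}"),
    "email": re.compile(r"[A-Za-z0-9._+\-]{1,64}@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+"),
}
MARKUP = re.compile(r"[<>]")

# Constructed sample bodies: a normal one and a double-encoded one.
CLEAN = "name=Alice+Example&email=alice%40example.org"
ENCODED = "name=Bob&email=%253Cscript%253Ex%253C%252Fscript%253E%40example.org"


def canonicalize(value, max_rounds=5):
    """Strip nested percent- and HTML-entity encoding until the value is stable."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value
        value = decoded
    return value  # still changing after max_rounds: return the last form


def check_field(field, raw):
    """Return None if the value is acceptable, else a short rejection reason."""
    if MARKUP.search(canonicalize(raw)):
        return "markup after decoding"
    if not RULES[field].fullmatch(raw):
        return "not a valid " + field
    return None


def audit_post_body(body):
    """Check a form-encoded account-creation body; return {field: reason}."""
    findings = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        reason = check_field(field, value) if field in RULES else None
        if reason:
            findings[field] = reason
    return findings


def render_cell(value):
    """Output-encode a stored value before placing it in an HTML page."""
    return html.escape(value, quote=True)
```

The same `audit_post_body` function can be run over logged request bodies for monitoring, and `render_cell` covers values that were stored before validation was in place.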


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 690b8077ffac907e5bea79c0

Added to database: 11/5/2025, 4:51:03 PM

Last enriched: 11/12/2025, 5:15:03 PM

Last updated: 12/20/2025, 12:56:59 PM
