CVE-2025-57540: n/a
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.
AI Analysis
Technical Summary
CVE-2025-57540 is a stored cross-site scripting (XSS) vulnerability identified in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) version 8.4. This vulnerability allows an authenticated user to inject malicious JavaScript code into the configuration interface. When other users, such as administrators or operators, access the affected configuration page, the injected script executes in their browsers. Stored XSS vulnerabilities are particularly dangerous because the malicious payload is persistently stored on the server and delivered to multiple users, potentially enabling a wide range of client-side attacks including session hijacking, credential theft, unauthorized actions on behalf of the user, and distribution of malware. The vulnerability requires authentication, meaning that an attacker must have some level of access to the PVE environment to exploit it. However, once exploited, the impact can extend to any user who views the compromised configuration page. Proxmox Virtual Environment is a widely used open-source virtualization management platform, particularly in enterprise and data center environments. The WebAuthn Relying Party field is part of the authentication configuration, making this vulnerability sensitive as it could undermine authentication mechanisms or expose administrative users to targeted attacks. No CVSS score has been assigned yet, and no known exploits are reported in the wild as of the publication date. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for immediate attention and mitigation by affected organizations.
Potential Impact
For European organizations using Proxmox VE 8.4, this vulnerability poses a significant risk to the confidentiality and integrity of their virtualization management infrastructure. Exploitation could lead to unauthorized access to administrative sessions, manipulation of virtual machine configurations, or broader compromise of the virtualized environment. Given that virtualization platforms often host critical workloads and sensitive data, a successful attack could disrupt business operations, lead to data breaches, or facilitate lateral movement within the network. The requirement for authentication limits the attack surface to insiders or compromised accounts, but insider threats or credential theft scenarios remain plausible. Furthermore, the execution of malicious scripts in administrator browsers could be leveraged to escalate privileges or implant persistent backdoors. The impact on availability is indirect but possible if attackers use the vulnerability to disrupt management operations or deploy ransomware. European organizations with stringent data protection regulations (e.g., GDPR) must consider the compliance implications of any data exposure resulting from this vulnerability.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the Proxmox VE management interface to trusted administrators only, using network segmentation and VPNs to limit exposure.
2. Implement strict input validation and sanitization on the WebAuthn Relying Party field to prevent injection of malicious scripts; if a patch becomes available, apply it promptly.
3. Monitor user activity logs for suspicious behavior indicative of exploitation attempts, especially changes to the Datacenter configuration.
4. Educate administrators to be cautious when accessing configuration pages and to report any unexpected behavior or alerts from their browsers.
5. Employ Content Security Policy (CSP) headers on the management interface to reduce the impact of potential XSS payloads by restricting script execution sources.
6. Consider multi-factor authentication and strong password policies to reduce the risk of account compromise that could enable exploitation.
7. Regularly back up configuration data and virtual machines to enable recovery in case of compromise.
8. Stay informed about updates from Proxmox and apply security patches as soon as they are released.
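As an added defensive example (not code from this record or from Proxmox), the two application-layer controls that recommendation 2 relies on for a settings field like the WebAuthn Relying Party field: allow-list validation on input and HTML escaping on output. It assumes the field is a free-text display name (WebAuthn rp.name) and that a sibling RP ID field (rp.id) holds an effective domain; all sample values are constructed.

```javascript
// Added example (not Proxmox code): input validation plus output encoding for a
// stored configuration field rendered back into an admin web page.
// Assumption: "Relying Party" is the human-readable rp.name; rp.id is a domain.

// 1. Input validation, allow-list style. A display name needs letters, digits,
//    space and a little punctuation; markup-relevant characters (< > " ' &) never
//    pass, and the length is capped so the field cannot carry a long payload.
const RP_NAME_RE = /^[\p{L}\p{N} ._-]{1,64}$/u;

// An RP ID is an effective domain: DNS labels only (RFC 1035 shape, max 253 chars).
const RP_ID_RE =
  /^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i;

function isValidRpName(value) {
  return typeof value === 'string' && RP_NAME_RE.test(value);
}

function isValidRpId(value) {
  return typeof value === 'string' && RP_ID_RE.test(value);
}

// 2. Output encoding. A stored value is treated as untrusted at render time even
//    if it passed validation once, because older stores may predate the check.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render helper for the settings grid: escaping lives here, not in each caller,
// so no code path can forget it.
function renderRpNameCell(stored) {
  return `<td>${escapeHtml(stored)}</td>`;
}

// Constructed samples: a legitimate name and a value carrying script markup.
const SAMPLES = {
  good: 'Proxmox VE Cluster 1',
  bad: '<script>alert(1)</script>', // hypothetical test value, not a real payload
};

// Combined policy for one submitted value: accept/reject on input, and show what
// the page would render if the value were already stored.
function handle(value) {
  return { accepted: isValidRpName(value), rendered: renderRpNameCell(value) };
}
```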
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68c05927ffcb452a184a8c17
Added to database: 9/9/2025, 4:43:19 PM
Last enriched: 9/9/2025, 4:48:29 PM
Last updated: 9/10/2025, 4:07:21 AM
Related Threats
- CVE-2025-8388: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ideaboxcreations PowerPack Elementor Addons (Free Widgets, Extensions and Templates) (Medium)
- CVE-2025-59038: CWE-506: Embedded Malicious Code in prebid Prebid.js (High)
- CVE-2025-10197: SQL Injection in HJSoft HCM Human Resources Management System (Medium)
- CVE-2025-10195: Improper Export of Android Application Components in Seismic App (Medium)
- CVE-2025-21417: CWE-122: Heap-based Buffer Overflow in Microsoft Windows 10 Version 1809 (High)