CVE-2025-57897 describes a reflected Cross-site Scripting (XSS) vulnerability in the venusweb Logtik product, affecting versions up to 2.3. The issue is caused by improper neutralization of input during web page generation, which allows an attacker to inject malicious scripts that execute in the victim's browser session. The CVSS v3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and the product is not a cloud service.

Successful exploitation of this vulnerability can allow an attacker to execute arbitrary scripts in the context of a victim's browser, potentially leading to partial disclosure of sensitive information, manipulation of data, or disruption of availability within the affected application session. The CVSS score of 7.1 indicates a high severity with impacts on confidentiality, integrity, and availability, although the attack requires user interaction and does not require privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with untrusted input and consider applying temporary mitigations such as input validation or output encoding where possible. Monitor vendor channels for updates regarding patches or official fixes.