CVE-2025-57912 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the Dialogity Free Live Chat software, versions up to and including 1.0.3. This vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. Specifically, the application fails to adequately sanitize or encode user-supplied input before rendering it in the web interface, allowing an attacker to inject malicious scripts that are persistently stored and subsequently executed in the browsers of users who access the affected chat interface. The CVSS 3.1 base score is 5.9 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component. The impact affects confidentiality, integrity, and availability at a low level. Although no known exploits are currently reported in the wild, the nature of stored XSS can enable session hijacking, credential theft, or delivery of further malware payloads if exploited. The vulnerability is particularly relevant for organizations using Dialogity Free Live Chat as part of their customer support or communication infrastructure, as it can compromise end-user trust and lead to data leakage or unauthorized actions within the web application context.

For European organizations, the exploitation of this vulnerability could lead to unauthorized access to sensitive customer data, session hijacking, and potential defacement or manipulation of web content served via the chat interface. This can damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR violations due to data leakage), and disrupt customer service operations. Since the vulnerability requires high privileges to exploit and user interaction, the risk is somewhat mitigated but still significant in environments where privileged users interact with the chat system. Attackers could leverage this vulnerability to target customer service representatives or administrators, potentially gaining access to internal systems or sensitive communications. The impact on availability is low but could include denial of service through malicious script execution. Given the widespread use of live chat solutions in European businesses for customer engagement, the vulnerability poses a moderate risk to confidentiality and integrity of communications.

To mitigate this vulnerability, organizations should prioritize updating Dialogity Free Live Chat to a patched version once available. In the absence of an official patch, implement strict input validation and output encoding on all user-supplied data rendered in the chat interface, using context-appropriate escaping (e.g., HTML entity encoding). Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. Additionally, restrict high-privilege access to the chat system and enforce multi-factor authentication to reduce the risk of privilege abuse. Conduct regular security audits and penetration testing focused on web application inputs and stored data handling. Educate users with high privileges about the risks of interacting with untrusted content and the importance of cautious behavior when handling chat inputs. Finally, monitor logs for unusual script injection patterns or anomalous user behavior indicative of exploitation attempts.