CVE-2025-57964 is a Stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting the photonicgnostic Library Bookshelves product up to version 5.11. Stored XSS occurs when malicious input is improperly neutralized and then permanently stored by the application, later served to users without adequate sanitization. In this case, the vulnerability arises during web page generation, where user-supplied input is embedded into pages without proper encoding or filtering. An attacker exploiting this flaw can inject malicious scripts that execute in the browsers of users who access the affected pages. The CVSS 3.1 score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), user interaction (UI:R), scope change (S:C), and impacts on confidentiality, integrity, and availability at a low level (C:L/I:L/A:L). This means the attacker needs some level of authenticated access and user interaction to trigger the exploit, but successful exploitation can lead to session hijacking, data theft, or further compromise of user accounts and application integrity. No known exploits are currently reported in the wild, and no patches are linked yet, indicating the vulnerability is newly disclosed. The vulnerability affects all versions up to 5.11, with no specific lower bound version identified.

For European organizations using photonicgnostic Library Bookshelves, this vulnerability poses a risk of client-side attacks that can compromise user sessions, steal sensitive information, or perform unauthorized actions on behalf of users. Since the vulnerability requires some level of privilege and user interaction, internal users or trusted partners could be targeted via phishing or social engineering to trigger the exploit. The scope change in the CVSS vector suggests that exploitation could affect components beyond the initially vulnerable module, potentially impacting broader application functionality or user data. Given the medium severity, the impact on confidentiality, integrity, and availability is limited but non-negligible, especially for organizations managing sensitive library or document management data. Exploitation could lead to reputational damage, regulatory compliance issues (e.g., GDPR if personal data is exposed), and operational disruption. The lack of known exploits currently provides a window for proactive mitigation before active attacks emerge.

Organizations should immediately review and implement input validation and output encoding best practices in the Library Bookshelves application, focusing on all user-supplied data rendered in web pages. Employ context-aware encoding (e.g., HTML entity encoding) to neutralize scripts. Since no official patches are currently available, consider temporary mitigations such as deploying Web Application Firewalls (WAFs) with rules to detect and block typical XSS payloads targeting this product. Conduct thorough code audits to identify all injection points and sanitize inputs accordingly. Limit user privileges to the minimum necessary to reduce the risk posed by the required privilege level for exploitation. Educate users about phishing risks and suspicious links to reduce the chance of user interaction triggering the exploit. Monitor application logs for unusual input patterns or errors that may indicate attempted exploitation. Once patches are released, prioritize timely application. Additionally, consider Content Security Policy (CSP) headers to restrict script execution sources as a defense-in-depth measure.