CVE-2025-58070: Cross-site scripting (XSS) in Implem Inc. Pleasanter
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
AI Analysis
Technical Summary
CVE-2025-58070 is a stored cross-site scripting vulnerability in Implem Inc.'s Pleasanter software, affecting versions 1.4.20.0 and earlier. The vulnerability resides in the Preview for Attachments feature, where user-supplied input is not properly sanitized before being rendered in the web interface. This allows an attacker to inject JavaScript that is stored on the server and executed in the browser of any logged-in user who views the affected attachment preview. The attack vector is network-based with low attack complexity and does not require privileges or authentication, but does require user interaction (viewing the malicious attachment preview). The vulnerability impacts confidentiality and integrity, enabling theft of session cookies or credentials and manipulation of displayed content, but does not affect availability. The CVSS 3.0 score of 6.1 corresponds to medium severity, with a scope change indicating that the vulnerability can affect resources beyond the initially vulnerable component. No public exploits are known at this time, but stored XSS in a collaboration and document management platform like Pleasanter poses a significant risk of targeted phishing or lateral movement within organizations. The lack of available patches or official mitigation guidance increases the urgency for organizations to implement compensating controls.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized access to sensitive information through session hijacking or credential theft, especially in environments where Pleasanter is used for internal collaboration and document management. Attackers could leverage this vulnerability to conduct spear-phishing campaigns or move laterally within networks by compromising user accounts. The impact is heightened in sectors handling sensitive or regulated data such as finance, healthcare, and government. Confidentiality and integrity of data are at risk, potentially leading to data breaches, compliance violations (e.g., GDPR), and reputational damage. While availability is not directly impacted, the indirect consequences of compromised accounts can disrupt business operations. The medium severity rating suggests a moderate but non-trivial risk that requires timely mitigation to prevent exploitation.
Mitigation Recommendations
European organizations should immediately assess their use of Pleasanter and identify any instances running version 1.4.20.0 or earlier. Since no official patches are currently available, organizations should consider disabling the Preview for Attachments feature to eliminate the attack vector. Implement strict input validation and output encoding on any user-supplied content related to attachments to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Monitor web server and application logs for unusual activity or repeated access to attachment previews. Educate users about the risks of interacting with unexpected or suspicious attachments. Additionally, enforce multi-factor authentication (MFA) to reduce the impact of stolen credentials. Stay alert for vendor updates or patches and apply them promptly once released.
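As an added example, not Pleasanter's own code, the following Node.js snippet shows the output encoding, inline-type allow list, CSP header and file-route headers that the recommendations above call for. The attachment fields, the `/attachments/<id>/file` route and the assumption that the stored content type was validated server-side at upload are all hypothetical.

```javascript
// Constructed example, not Pleasanter's own code: a hardened attachment
// preview of the kind the mitigation section calls for. Attachment name and
// id are hypothetical fields; contentType is assumed validated at upload.

// Entity-encode for both HTML text and double-quoted attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
// Only these types are ever rendered inline. HTML, SVG and XML can carry
// script, so anything else is offered strictly as a download.
const INLINE_PREVIEW_TYPES = new Set(["image/png", "image/jpeg", "image/gif"]);
function normalizeType(contentType) {
  return String(contentType).toLowerCase().split(";")[0].trim();
}

function renderAttachmentPreview(att) {
  const name = escapeHtml(att.name);
  const type = normalizeType(att.contentType);
  const href = `/attachments/${encodeURIComponent(att.id)}/file`;
  if (INLINE_PREVIEW_TYPES.has(type)) {
    return `<figure><img src="${href}" alt="${name}">` +
           `<figcaption>${name}</figcaption></figure>`;
  }
  return `<p>${name} (${escapeHtml(type)}) <a href="${href}" download>download</a></p>`;
}

// Headers for the page embedding the preview: no inline or third-party script.
function previewPageHeaders() {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
    "X-Content-Type-Options": "nosniff",
  };
}

// File route: allow-listed images go inline under their validated type; all else
// is forced to download as octet-stream, never interpreted as a page of this origin.
function fileRouteHeaders(att) {
  const type = normalizeType(att.contentType);
  const inline = INLINE_PREVIEW_TYPES.has(type);
  const fname = encodeURIComponent(String(att.name).replace(/[\r\n]/g, ""))
    .replace(/[*'()]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
  return {
    "Content-Type": inline ? type : "application/octet-stream",
    "Content-Disposition": `${inline ? "inline" : "attachment"}; filename*=UTF-8''${fname}`,
    "X-Content-Type-Options": "nosniff",
  };
}
```

Note that the CSP alone only limits what an injected script can do; the encoding and the inline allow list are what stop the injection from rendering in the first place.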
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: jpcert
- Date Reserved: 2025-10-20T00:08:22.870Z
- CVSS Version: 3.0
- State: PUBLISHED
Added to database: 10/24/2025, 5:29:16 AM
Last enriched: 10/24/2025, 5:44:19 AM
Last updated: 10/24/2025, 8:14:27 AM