CVE-2025-58257 describes a stored cross-site scripting vulnerability in Picture-Planet GmbH's Verowa Connect product, affecting versions up to 3.2.3. The issue is caused by improper neutralization of input during web page generation, which allows an attacker to inject malicious scripts that persist and execute in users' browsers. The vulnerability has a CVSS 3.1 score of 6.5, reflecting medium severity with network attack vector, low attack complexity, requiring privileges and user interaction, and impacts on confidentiality, integrity, and availability. There is no vendor advisory or patch information available at this time, and no known active exploitation has been reported.

Successful exploitation of this stored XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of affected users, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score and vector, indicating that while the vulnerability is exploitable remotely with low complexity, it requires some privileges and user interaction. No known exploits in the wild have been reported, so the immediate risk is moderate.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should apply standard XSS mitigations such as input validation and output encoding where possible. Monitor vendor communications for updates and apply patches promptly once available.