
CVE-2025-58859: CWE-352 Cross-Site Request Forgery (CSRF) in David Merinas Add to Feedly

Severity: High
Tags: Vulnerability, CVE-2025-58859, CWE-352
Published: Fri Sep 05 2025 (09/05/2025, 13:45:39 UTC)
Source: CVE Database V5
Vendor/Project: David Merinas
Product: Add to Feedly

Description

Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly allows Stored XSS. This issue affects Add to Feedly: from n/a through 1.2.11.

AI-Powered Analysis

AI analysis last updated: 09/05/2025, 13:54:46 UTC

Technical Analysis

CVE-2025-58859 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in the 'Add to Feedly' browser extension developed by David Merinas, affecting versions up to and including 1.2.11. Because the affected request handlers lack proper CSRF protection, an attacker can cause an authenticated user's browser to perform actions the user never intended. In this case the forged request can inject script that is persistently stored and later executed in the victim's browser context, i.e. a Stored Cross-Site Scripting (XSS) condition. The CVSS 3.1 base score of 7.1 reflects a network attack vector, low attack complexity and no privileges required, but with user interaction required and a changed scope; confidentiality, integrity and availability are each rated as low impact. The vulnerability arises from improper validation of incoming requests: an attacker crafts a malicious web page or link, and when a user with the vulnerable extension installed and active visits it, the forged request executes unauthorized commands or injects malicious script. This can lead to session hijacking, data theft, or manipulation of user data within the extension's scope. No exploits are currently reported in the wild and no patch has been linked yet, so users and organizations should be vigilant and apply mitigations proactively.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on the 'Add to Feedly' extension for aggregating and managing RSS feeds and news sources. Exploitation could lead to unauthorized actions performed in the context of the user's session, potentially exposing sensitive information or allowing attackers to manipulate data feeds. This could disrupt information workflows, lead to misinformation, or enable further attacks such as phishing or malware distribution through compromised feeds. The stored XSS aspect increases the risk by enabling persistent malicious code execution, which can affect multiple users if the extension is used in collaborative environments. Confidentiality, integrity, and availability of user data and feeds can be compromised, impacting operational continuity and trust in information sources. Given the extension's role in content aggregation, targeted attacks could be used for espionage or disinformation campaigns, which are of particular concern in the European geopolitical context.

Mitigation Recommendations

Organizations and users should audit their use of the 'Add to Feedly' extension now and consider disabling or uninstalling it until a security patch is released; monitor the vendor and trusted security advisories for updates. Content Security Policy (CSP) enforcement and web filtering can reduce exposure to malicious pages that attempt CSRF. Educating users about the risks of clicking untrusted links or visiting suspicious websites lowers the likelihood of exploitation. In managed environments, apply application whitelisting and restrict browser extension installation to vetted, up-to-date versions. Security teams should also monitor for unusual feed-management activity or browser behaviour that could indicate exploitation attempts. Where possible, use alternative, actively maintained feed aggregation tools with robust CSRF protections.


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-09-05T10:49:57.446Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68baeaa657c5b37b67a4615f

Added to database: 9/5/2025, 1:50:30 PM

Last enriched: 9/5/2025, 1:54:46 PM

Last updated: 9/5/2025, 8:04:46 PM
