The vulnerability CVE-2025-58964 in skygroup Enzy is a reflected cross-site scripting (XSS) issue caused by improper neutralization of input during web page generation. This allows attackers to inject malicious scripts that execute when a user interacts with crafted content. The affected versions are all releases prior to 1.6.4. The CVSS v3.1 base score is 7.1, indicating high severity, with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or official remediation guidance is currently provided.

Successful exploitation of this vulnerability can lead to execution of arbitrary scripts in the context of the victim's browser, potentially resulting in information disclosure, modification of data, or disruption of service. The attack requires user interaction and can be launched remotely over the network. The overall impact affects confidentiality, integrity, and availability at a low level each.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with untrusted inputs and avoid interacting with suspicious links or content related to the affected Enzy versions. Monitor vendor channels for updates regarding patches or mitigations.