CVE-2025-59467: Vulnerability in Ubiquiti Inc UCRM Argentina AFIP invoices Plugin
A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default.
Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier)
Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.
AI Analysis
Technical Summary
CVE-2025-59467 is a Cross-Site Scripting (XSS) vulnerability found in the Ubiquiti UCRM Argentina AFIP invoices Plugin versions 1.2.0 and earlier. This plugin integrates invoicing functionalities related to Argentina's AFIP tax system within the UCRM platform. The vulnerability arises from improper sanitization of user-supplied input, allowing an attacker to inject malicious scripts. If an administrator visits a crafted malicious page exploiting this XSS flaw, the attacker can escalate privileges, potentially gaining administrative control over the UCRM system. The plugin is disabled by default, which limits the attack surface, but if enabled, the risk is significant. The CVSS 3.1 base score is 7.5, with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits have been reported yet, but the vulnerability’s nature means it could be leveraged for significant system compromise. The recommended mitigation is to update the plugin to version 1.3.0 or later, where the vulnerability has been patched.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial if they use Ubiquiti’s UCRM platform with the Argentina AFIP invoices Plugin enabled. Successful exploitation could allow attackers to gain administrative privileges, leading to unauthorized access to sensitive business and invoicing data, manipulation of financial records, and potential disruption of invoicing operations. This could result in financial loss, regulatory non-compliance, and reputational damage. Since the plugin is related to invoicing for Argentina, European companies with business operations or subsidiaries dealing with Argentine tax compliance are particularly at risk. The vulnerability’s requirement for user interaction (administrator visiting a malicious page) means phishing or social engineering could be used as an attack vector. The high impact on confidentiality, integrity, and availability underscores the critical need for timely patching to prevent potential data breaches or operational disruptions.
Mitigation Recommendations
1. Immediately update the UCRM Argentina AFIP invoices Plugin to version 1.3.0 or later, where the vulnerability is fixed.
2. Disable the plugin if it is not actively used, as it is disabled by default and reducing attack surface is critical.
3. Educate administrators about phishing and social engineering risks to minimize the chance of them visiting malicious pages.
4. Implement web filtering and endpoint protection to block access to known malicious URLs.
5. Monitor UCRM logs for unusual administrative activities that could indicate exploitation attempts.
6. Regularly audit and review plugin usage and permissions within UCRM to ensure least privilege principles are enforced.
7. Consider network segmentation to isolate UCRM systems from general user networks to limit exposure.
8. Stay informed on any emerging exploit reports or patches related to this vulnerability.
Affected Countries
Argentina, Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: hackerone
- Date Reserved: 2025-09-16T15:00:07.876Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695bec94b7d62031395509d4
Added to database: 1/5/2026, 4:53:40 PM
Last enriched: 1/5/2026, 5:08:41 PM
Last updated: 1/7/2026, 7:58:47 AM