CVE-2025-59832 is a critical stored Cross-Site Scripting (XSS) vulnerability affecting versions of the Horilla Human Resource Management System (HRMS) prior to 1.4.0. Horilla is an open-source HRMS platform used to manage employee data and HR workflows. The vulnerability exists in the ticket comment editor component, where insufficient input sanitization allows a low-privilege authenticated user to inject arbitrary JavaScript code. This malicious script is stored and later executed in the context of an administrator's browser when they view the affected ticket comments. Exploitation enables the attacker to steal sensitive session cookies and Cross-Site Request Forgery (CSRF) tokens, leading to session hijacking and potential full administrative control over the HRMS instance. The CVSS v3.1 base score is 9.9 (critical), reflecting the network exploitable nature (no user interaction required), low attack complexity, and the high impact on confidentiality, integrity, and availability. The vulnerability has been patched in Horilla version 1.4.0, and users are strongly advised to upgrade. No known exploits are currently reported in the wild, but the severity and ease of exploitation make this a high-risk issue for organizations using affected versions.

For European organizations, the impact of this vulnerability can be significant. HRMS platforms contain sensitive personal data, including employee identities, payroll information, and internal communications. Successful exploitation could lead to unauthorized access to this data, violating GDPR and other data protection regulations, potentially resulting in heavy fines and reputational damage. Administrative account compromise could allow attackers to manipulate HR records, create backdoors, or pivot to other internal systems, increasing the risk of broader organizational compromise. Given the criticality and the fact that exploitation requires only low-privilege authenticated access, insider threats or compromised user accounts could be leveraged to escalate privileges. The disruption of HR services could also affect business continuity and employee trust.

European organizations using Horilla should immediately verify their version and upgrade to 1.4.0 or later to apply the official patch. Until patched, implement strict access controls to limit ticket comment editing privileges to trusted users only. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injection patterns in ticket comments. Conduct thorough audits of user accounts to identify and disable any suspicious or inactive accounts that could be exploited. Additionally, monitor logs for unusual administrative session activity that could indicate exploitation attempts. Educate HR and IT staff about the risks of stored XSS and the importance of applying security updates promptly. Finally, consider implementing Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting script execution contexts.