CVE-2025-60131 is a Stored Cross-site Scripting (XSS) vulnerability identified in the Zoefff product Werk aan de Muur, affecting versions up to and including 1.5. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing malicious scripts to be stored on the server and subsequently executed in the browsers of users who visit the affected pages. Stored XSS is particularly dangerous because the malicious payload persists on the site, increasing the likelihood of widespread impact. Attackers can exploit this flaw to steal session cookies, perform actions on behalf of authenticated users, deface websites, or deliver malware. The vulnerability does not require authentication or user interaction beyond visiting a compromised page, making exploitation relatively straightforward. No CVSS score has been assigned yet, and no public exploits are known at this time. However, the vulnerability's nature suggests a significant risk to confidentiality, integrity, and availability of user data and site functionality. Werk aan de Muur is a platform used for displaying and selling artwork online, which may involve sensitive user information and financial transactions. The lack of patches or mitigation links indicates that users must proactively implement security controls to reduce risk until an official fix is released.

For European organizations using Werk aan de Muur, this vulnerability could lead to unauthorized access to user accounts, theft of sensitive personal or financial information, and reputational damage due to website defacement or malware distribution. Stored XSS can facilitate session hijacking, enabling attackers to impersonate legitimate users and perform unauthorized actions. This is particularly concerning for e-commerce or art marketplace platforms where trust and data integrity are critical. The persistent nature of the vulnerability increases the attack surface and potential for widespread exploitation. Additionally, regulatory compliance risks arise under GDPR if personal data is compromised. The impact is amplified in sectors with high digital engagement and online transactions, such as cultural institutions, galleries, and creative businesses prevalent in Europe.

Organizations should immediately audit their Werk aan de Muur installations for signs of exploitation and sanitize all user inputs rigorously. Implement strict input validation and output encoding to neutralize potentially malicious scripts. Employ Content Security Policy (CSP) headers to restrict script execution sources and reduce XSS impact. Regularly update the software once patches become available from Zoefff. Use web application firewalls (WAFs) with rules targeting XSS payloads to provide interim protection. Educate developers and administrators on secure coding practices related to input handling. Monitor logs for unusual activity indicative of XSS exploitation attempts. Consider isolating or restricting features that accept user-generated content until the vulnerability is resolved. Finally, maintain an incident response plan to quickly address any detected compromises.