CVE-2025-60131 is a stored Cross-site Scripting (XSS) vulnerability identified in the Zoefff Werk aan de Muur application, versions up to and including 1.5. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious scripts to be stored on the server and subsequently executed in the browsers of users who view the affected content. This type of vulnerability can lead to unauthorized disclosure of sensitive information, session hijacking, or manipulation of web content, impacting the confidentiality and integrity of user data. The CVSS v3.1 base score is 4.4, indicating medium severity, with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), requiring privileges (PR:H), no user interaction (UI:N), and a scope change (S:C). The vulnerability requires an attacker to have high privileges on the system, which limits exploitation to insiders or compromised accounts with elevated rights. There is no indication of known exploits in the wild, and no patches have been linked yet. The vulnerability affects the Werk aan de Muur product, which is a platform related to digital art and creative content, potentially used by organizations in the art and design sectors. The improper input neutralization likely involves insufficient sanitization or encoding of input fields that are rendered in web pages, enabling persistent script injection. Given the scope change, exploitation could affect other components or users beyond the initially compromised context.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of data processed or displayed by the Werk aan de Muur platform. Attackers with high privileges could inject malicious scripts that execute in other users' browsers, potentially leading to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of users. While availability is not directly impacted, the reputational damage and potential data breaches could have regulatory consequences under GDPR. Organizations in the creative, digital art, and e-commerce sectors using this platform are at higher risk. The requirement for high privileges to exploit reduces the likelihood of external attackers but raises concerns about insider threats or compromised privileged accounts. The persistence of the XSS payload increases the risk of widespread impact across users accessing the affected content. This vulnerability could be leveraged as part of a multi-stage attack chain, especially in environments where Werk aan de Muur integrates with other systems or handles sensitive customer data.

To mitigate CVE-2025-60131, organizations should implement strict input validation and output encoding on all user-supplied data rendered in web pages to prevent script injection. Employ context-aware encoding libraries that handle HTML, JavaScript, and URL contexts appropriately. Restrict privileges to the minimum necessary, ensuring that only trusted users have high-level access that could exploit this vulnerability. Conduct regular code reviews and security testing focusing on input handling and sanitization. Monitor logs and user activity for unusual behavior indicative of exploitation attempts. If patches become available from Zoefff, prioritize timely application. Additionally, implement Content Security Policy (CSP) headers to reduce the impact of potential XSS by restricting script execution sources. Educate administrators and developers about secure coding practices related to XSS. Consider deploying Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting this platform. Finally, maintain an incident response plan to quickly address any detected exploitation.