CVE-2025-60185 is a vulnerability classified under CWE-79, indicating an Improper Neutralization of Input During Web Page Generation, commonly known as Cross-site Scripting (XSS). Specifically, this vulnerability affects the 'kontur Admin Style' product by kontur.us, up to version 1.0.4. The flaw allows an attacker to inject malicious scripts that are stored persistently (Stored XSS) and later executed in the context of users accessing the affected web interface. Stored XSS vulnerabilities occur when user-supplied input is not properly sanitized or encoded before being included in web pages, enabling attackers to execute arbitrary JavaScript code in victims' browsers. This can lead to session hijacking, credential theft, unauthorized actions on behalf of users, or distribution of malware. The CVSS v3.1 base score is 5.9, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L) reveals that the attack can be launched remotely over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality, integrity, and availability is low to low-medium, reflecting limited but non-negligible consequences. No known exploits are currently reported in the wild, and no patches are linked yet. The vulnerability was published on September 26, 2025, and reserved the day before. The lack of patch availability suggests organizations using this product should prioritize mitigation and monitoring until an official fix is released.

For European organizations using kontur Admin Style, this vulnerability poses a risk of persistent cross-site scripting attacks that could compromise administrative interfaces. Given that the vulnerability requires high privileges and user interaction, the threat is primarily to users with elevated access, such as administrators or privileged operators. Successful exploitation could lead to unauthorized actions within the admin panel, leakage of sensitive information, session hijacking, or further lateral movement within the network. This is particularly concerning for sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government agencies. The changed scope implies that the impact could extend beyond the immediate application, potentially affecting integrated systems or services. Although no active exploits are known, the medium severity and stored nature of the XSS make it a persistent risk if left unaddressed. European organizations must be vigilant, as attackers often target administrative interfaces to gain footholds or escalate privileges.

1. Immediate mitigation should include implementing strict input validation and output encoding on all user-supplied data within the kontur Admin Style interface, especially in areas where data is stored and later rendered. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of any injected code. 3. Limit administrative access strictly to trusted personnel and enforce multi-factor authentication to reduce the risk posed by compromised credentials. 4. Monitor logs and user activity for unusual behavior indicative of XSS exploitation attempts or successful attacks. 5. Until an official patch is released, consider isolating the affected admin interface from the public internet or restricting access via VPN or IP whitelisting. 6. Educate privileged users about the risks of phishing or social engineering that could trigger user interaction required for exploitation. 7. Regularly check for updates from kontur.us and apply patches promptly once available. 8. Conduct security assessments and penetration testing focused on XSS vulnerabilities in the affected environment to identify and remediate any additional weaknesses.