CVE-2025-6060 is a medium-severity Cross-Site Scripting (XSS) vulnerability identified in DECE Software's Geodi product, affecting versions prior to GEODI Setup 9.0.146. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. This means that user-supplied input is not adequately sanitized or encoded before being included in web pages, allowing attackers to inject malicious scripts. The CVSS 3.1 base score is 5.4, reflecting a network attack vector with low attack complexity but requiring privileges and user interaction. The vulnerability impacts confidentiality and integrity but not availability. Exploitation could allow an attacker with some level of access (privileges) to trick a user into executing malicious scripts, potentially leading to session hijacking, unauthorized actions on behalf of the user, or data leakage within the context of the Geodi application. The scope is changed (S:C), indicating that the vulnerability affects components beyond the initially vulnerable component, possibly impacting other parts of the system or user sessions. No known exploits are currently reported in the wild, and no patches or mitigations have been linked yet. The vulnerability was reserved in mid-June 2025 and published in late July 2025, indicating recent discovery and disclosure.

For European organizations using DECE Software Geodi, this vulnerability poses a risk primarily to the confidentiality and integrity of data processed or displayed by the application. Since Geodi is a software solution likely used for data integration, document management, or similar enterprise functions, exploitation could lead to unauthorized disclosure of sensitive information or manipulation of data within the application. The requirement for privileges and user interaction limits the ease of exploitation but does not eliminate risk, especially in environments where internal users or attackers with some access could leverage this flaw. The changed scope suggests that exploitation could affect multiple users or system components, potentially amplifying the impact. European organizations in sectors such as government, finance, or critical infrastructure that rely on Geodi for data workflows may face increased risk of targeted attacks aiming to extract confidential information or disrupt business processes. Additionally, regulatory frameworks like GDPR impose strict data protection requirements, and exploitation of this vulnerability could lead to compliance violations and reputational damage.

Given the absence of an official patch link, European organizations should implement immediate compensating controls. These include: 1) Restricting access to the Geodi application to trusted users and networks, minimizing exposure to untrusted or external users. 2) Implementing strict input validation and output encoding at the application or web server level, if possible, to neutralize malicious inputs before rendering. 3) Employing Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the application context. 4) Conducting user awareness training to reduce the risk of social engineering attacks that could trigger the required user interaction. 5) Monitoring application logs and network traffic for unusual activities indicative of attempted XSS exploitation. 6) Planning and prioritizing an update to GEODI Setup 9.0.146 or later once available to remediate the vulnerability definitively. 7) Reviewing and tightening privilege assignments within the application to ensure minimal necessary access, reducing the pool of users who could exploit this vulnerability.