CVE-2025-6092 is a cross-site scripting (XSS) vulnerability affecting the ComfyUI product developed by comfyanonymous, specifically in versions up to 0.3.39. The vulnerability resides in the /upload/image endpoint, where improper handling of the 'image' parameter allows an attacker to inject malicious scripts. This vulnerability is a result of an incomplete fix for a previous vulnerability (CVE-2024-10099), indicating that the underlying issue was not fully remediated. The attack vector is remote and does not require authentication, making it accessible to any unauthenticated attacker who can send crafted requests to the vulnerable endpoint. The vulnerability requires user interaction (UI:P) in the sense that the victim must load or interact with the maliciously crafted content for the XSS payload to execute. The CVSS 4.0 score is 5.3 (medium severity), reflecting a moderate impact primarily on the integrity of the affected system, with limited impact on confidentiality and availability. The vendor has been contacted but has not responded, and no official patch or mitigation has been released yet. The exploit has been publicly disclosed, increasing the risk of exploitation, although no known exploits in the wild have been reported at this time. The vulnerability allows attackers to execute arbitrary JavaScript in the context of the victim's browser session, potentially leading to session hijacking, defacement, or redirection to malicious sites. Given the nature of the vulnerability, it primarily threatens web applications and users interacting with the ComfyUI interface, especially those uploading or viewing images via the vulnerable endpoint.

For European organizations using ComfyUI, this vulnerability poses a significant risk to web application security and user trust. Exploitation could lead to session hijacking, unauthorized actions performed on behalf of users, theft of sensitive information accessible via the browser, and potential spread of malware through malicious scripts. Organizations in sectors such as finance, healthcare, and government, where data integrity and confidentiality are paramount, could face reputational damage and regulatory penalties if user data is compromised. The vulnerability's remote and unauthenticated nature increases the attack surface, especially for public-facing deployments. Additionally, the lack of vendor response and patch availability prolongs exposure, making timely mitigation critical. The incomplete fix history suggests potential for further related vulnerabilities, emphasizing the need for comprehensive security reviews. The medium severity rating indicates that while the vulnerability is not critical, it can be leveraged as part of a broader attack chain or social engineering campaign, amplifying its impact. European organizations relying on ComfyUI for internal or external web services should be aware of the risk of client-side attacks that could undermine user confidence and lead to compliance issues under regulations like GDPR.

1. Implement Web Application Firewall (WAF) rules specifically targeting the /upload/image endpoint to detect and block suspicious payloads containing script tags or common XSS vectors. 2. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and limit the domains from which scripts can be loaded, mitigating the impact of successful XSS attacks. 3. Sanitize and validate all user inputs on the server side, especially the 'image' parameter, using robust libraries or frameworks that enforce strict input validation and output encoding. 4. Isolate the vulnerable ComfyUI instance behind authentication and restrict access to trusted users only, reducing exposure to unauthenticated attackers. 5. Monitor application logs and network traffic for unusual activity related to the /upload/image endpoint to detect potential exploitation attempts early. 6. If feasible, disable or restrict the image upload functionality temporarily until a vendor patch or official fix is available. 7. Educate users about the risks of clicking on suspicious links or interacting with untrusted content within the ComfyUI environment. 8. Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including XSS, to identify and remediate similar issues proactively. 9. Engage with the vendor or community to encourage timely patch development and share threat intelligence related to this vulnerability.