CVE-2025-61078 is a cross-site scripting (XSS) vulnerability identified in phpIPAM version 1.7.3, a popular open-source IP address management (IPAM) tool. The vulnerability exists in the 'Request IP' form, specifically in the 'instructions' parameter processed by the /app/admin/instructions/edit-result.php endpoint. An attacker can craft malicious input containing arbitrary JavaScript or HTML code and inject it into this parameter. When a user accesses the affected page, the injected script executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed with the victim's privileges. The CVSS 3.1 base score is 6.1, indicating medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, but user interaction needed. The scope is changed, meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact affects confidentiality and integrity but not availability. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The CWE classification is CWE-79, which corresponds to improper neutralization of input during web page generation, a common XSS category.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on phpIPAM for managing IP address allocations in enterprise or critical infrastructure environments. Successful exploitation could allow attackers to execute malicious scripts in the context of authenticated users, potentially leading to theft of session cookies, unauthorized access to sensitive network management data, or manipulation of IP address assignments. This could disrupt network operations or facilitate further lateral movement within the network. Although availability is not directly impacted, the compromise of confidentiality and integrity could undermine trust in network management systems and lead to compliance issues under regulations such as GDPR. Organizations with large IT infrastructures or those in sectors like telecommunications, finance, and government are particularly at risk due to the critical nature of IP address management.

To mitigate CVE-2025-61078, organizations should implement the following specific measures: 1) Apply strict input validation and sanitization on the 'instructions' parameter to prevent injection of malicious scripts. 2) Employ context-aware output encoding on all user-supplied data rendered in the web interface to neutralize potential XSS payloads. 3) Restrict access to the /app/admin/instructions/edit-result.php endpoint to trusted administrators only, using network segmentation and access control lists. 4) Monitor web application logs for unusual or suspicious input patterns targeting the 'instructions' parameter. 5) If possible, upgrade phpIPAM to a version where this vulnerability is patched once available. 6) Educate users about the risks of interacting with untrusted links or inputs within the phpIPAM interface. 7) Consider deploying web application firewalls (WAFs) with rules tailored to detect and block XSS attempts targeting this endpoint. 8) Regularly review and update security policies related to web application security and incident response procedures.