CVE-2025-61078 is a cross-site scripting (XSS) vulnerability identified in phpIPAM version 1.7.3, an open-source IP address management application widely used for network infrastructure management. The vulnerability resides in the Request IP form, specifically in the instructions parameter processed by the /app/admin/instructions/edit-result.php endpoint. An attacker can exploit this flaw by injecting malicious JavaScript or HTML code into the instructions parameter, which is then rendered in the web interface without proper sanitization or encoding. This enables remote attackers to execute arbitrary scripts in the context of the victim's browser session, potentially leading to session hijacking, credential theft, unauthorized actions, or redirection to malicious sites. The vulnerability does not require authentication, increasing its risk profile, and can be exploited remotely via crafted HTTP requests. Although no known exploits have been reported in the wild, the vulnerability's presence in a critical network management tool could have significant operational impacts. The lack of a CVSS score indicates that the vulnerability is newly published and pending further assessment. The vulnerability highlights the importance of secure coding practices, particularly input validation and output encoding in web applications managing sensitive network data.

For European organizations, exploitation of this XSS vulnerability in phpIPAM could lead to unauthorized access to administrative sessions, enabling attackers to manipulate IP address management data or gain further footholds within the network. This can disrupt network operations, cause data integrity issues, and potentially expose sensitive network topology information. Since phpIPAM is often used by IT departments in enterprises, service providers, and government agencies, successful exploitation could impact critical infrastructure management and service availability. The risk is heightened in environments where phpIPAM is exposed to the internet or accessible by multiple users with varying privilege levels. Additionally, compromised sessions could be leveraged for lateral movement or to deploy further attacks within the organization. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure. European entities with stringent data protection regulations (e.g., GDPR) could face compliance risks if such vulnerabilities lead to data breaches or service disruptions.

1. Immediately restrict access to the /app/admin/instructions/edit-result.php endpoint to trusted administrators only, ideally via network segmentation or VPN. 2. Implement strict input validation and output encoding on the instructions parameter to neutralize malicious scripts. 3. Monitor web server and application logs for unusual requests targeting the instructions parameter or signs of attempted script injection. 4. Apply security patches or updates from the phpIPAM project as soon as they become available. 5. Employ web application firewalls (WAFs) with rules to detect and block XSS payloads targeting phpIPAM endpoints. 6. Conduct regular security assessments and penetration tests focusing on web application vulnerabilities in network management tools. 7. Educate administrators on the risks of XSS and the importance of cautious handling of input fields in administrative interfaces. 8. Consider isolating phpIPAM instances from direct internet exposure and enforce strong authentication and session management controls.