CVE-2025-61319: n/a
ReNgine through 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can be abused to steal session cookies, perform unauthorized actions, or compromise the ReNgine administrator's account.
AI Analysis
Technical Summary
CVE-2025-61319 identifies a stored Cross-Site Scripting (XSS) vulnerability in ReNgine, an open-source reconnaissance and vulnerability management tool, affecting versions through 2.2.0. The vulnerability resides in the Vulnerabilities module where user-supplied input during target scanning is not properly sanitized before being rendered in the web user interface. Specifically, when an attacker includes a malicious JavaScript payload in the scan input, this payload is stored and later executed in the context of the ReNgine administrator's browser session. This stored XSS flaw enables attackers to perform arbitrary JavaScript execution, which can be leveraged to steal session cookies, hijack administrator accounts, perform unauthorized actions within the application, or pivot to further attacks on the internal network. Exploitation requires the attacker to submit crafted scan inputs, which may be possible if the attacker has access to initiate scans or influence scan parameters. The vulnerability does not require bypassing authentication if the attacker can submit scan data, but it targets the administrator's session, making it a high-risk scenario for privilege escalation and data compromise. No CVSS score is assigned yet, and no public exploits have been reported. The vulnerability was published on October 10, 2025, with a reserved date of September 26, 2025. The lack of patch links suggests that fixes may not yet be available, emphasizing the need for immediate mitigation steps.
Potential Impact
For European organizations, this vulnerability poses significant risks to the confidentiality and integrity of sensitive security data managed via ReNgine. Compromise of administrator accounts could lead to unauthorized access to reconnaissance data, manipulation of vulnerability assessments, and potential exposure of internal network details. This could facilitate further targeted attacks or data breaches. Organizations relying on ReNgine for security operations or penetration testing may face operational disruptions if attackers leverage this vulnerability to alter scan results or disable security controls. The stored XSS nature means that any administrator accessing the vulnerable interface could be compromised, increasing the attack surface. Additionally, theft of session cookies could allow persistent access to the application, exacerbating the impact. The absence of known exploits in the wild reduces immediate risk but does not diminish the potential severity once exploitation techniques become public. The vulnerability could also undermine trust in security tooling, affecting compliance and regulatory postures within the EU.
Mitigation Recommendations
Immediate mitigation should focus on restricting access to the ReNgine web interface to trusted administrators only, ideally through network segmentation and VPN access. Implement strict input validation and output encoding on all user-supplied data within the Vulnerabilities module to prevent script injection. Until an official patch is released, consider disabling or limiting the Vulnerabilities module functionality that processes scan inputs from untrusted sources. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the web UI. Monitor administrative sessions for unusual activity and enforce multi-factor authentication to reduce the risk of session hijacking. Regularly back up configuration and scan data to enable recovery in case of compromise. Stay informed about vendor updates and apply patches promptly once available. Conduct security awareness training for administrators to recognize potential phishing or social engineering attempts that could exploit this vulnerability.
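The output-encoding and CSP recommendations above, sketched as an added example that is not ReNgine's own code: it audits stored findings for fields a browser would parse as markup and contrasts unescaped rendering with escaped rendering. The record field names, sample data and policy string are constructed assumptions, not taken from ReNgine.

```python
import html
from html.parser import HTMLParser

# Constructed sample records standing in for stored scan findings; the field
# names are hypothetical and not taken from ReNgine's schema.
SAMPLE_FINDINGS = [
    {"name": "Reflected parameter", "url": "https://app.example.test/search?q=test"},
    {"name": "Reflected parameter",
     "url": "https://app.example.test/?q=<script>alert(1)</script>"},
]

class _TagSpotter(HTMLParser):
    """Records every start tag an HTML parser would see in a string."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(value):
    spotter = _TagSpotter()
    spotter.feed(value)
    spotter.close()
    return spotter.tags

def audit(findings):
    """Return (index, field, tags) for stored fields that parse as markup."""
    hits = []
    for i, rec in enumerate(findings):
        for field, value in rec.items():
            tags = tags_in(str(value))
            if tags:
                hits.append((i, field, tags))
    return hits

def render_row_unsafe(rec):
    # Vulnerable pattern: scan-derived text concatenated straight into HTML.
    return "<tr><td>" + rec["name"] + "</td><td>" + rec["url"] + "</td></tr>"

def render_row_safe(rec):
    # Output encoding: every scan-derived value is escaped at render time.
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(rec["name"], quote=True), html.escape(rec["url"], quote=True))

# Restrictive policy for the UI: same-origin scripts only, no inline script.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'")
```

Running `audit` over existing scan data before and after a fix shows which stored records already carry markup; a UI that depends on inline scripts would need nonces or hashes added to the policy rather than `'unsafe-inline'`.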
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68e912159497c34e0b6ebdcc
Added to database: 10/10/2025, 2:03:01 PM
Last enriched: 10/10/2025, 2:03:21 PM
Last updated: 10/10/2025, 8:08:26 PM