CVE-2025-61413 is a stored cross-site scripting vulnerability identified in the /manager/pages component of Piranha CMS version 12.1. The vulnerability arises because the Markdown blocks used for page content do not properly sanitize user input, allowing attackers to inject malicious JavaScript or HTML code. When a crafted payload is inserted into these Markdown blocks during page creation, the malicious script is stored persistently on the server and executed in the browsers of users who view the affected pages. This can lead to session hijacking, credential theft, defacement, or the execution of arbitrary actions on behalf of the victim. The vulnerability does not currently have a CVSS score, and no patches or known exploits are reported yet. Exploitation requires the ability to create or modify pages within the CMS, which may require some level of access or user privileges. However, if page creation is publicly accessible or weakly controlled, the risk increases substantially. The lack of input sanitization in Markdown rendering is the root cause, and the vulnerability affects the confidentiality and integrity of user data and sessions. This type of stored XSS is particularly dangerous because the malicious code persists and can affect multiple users over time. The vulnerability was reserved in late September 2025 and published in October 2025, indicating recent discovery.

For European organizations, this vulnerability could lead to significant security incidents including session hijacking, unauthorized actions performed on behalf of legitimate users, data theft, and reputational damage. Organizations using Piranha CMS 12.1 for managing public-facing websites or internal portals are at risk of attackers injecting malicious scripts that execute in the browsers of administrators, editors, or visitors. This could facilitate further attacks such as privilege escalation, phishing, or malware distribution. The impact is heightened in sectors with sensitive data or critical infrastructure, such as government, finance, healthcare, and media. Additionally, compliance with GDPR and other data protection regulations could be jeopardized if personal data is compromised through exploitation of this vulnerability. The absence of a patch at this time increases the window of exposure, and organizations with weak access controls on page creation are particularly vulnerable. The persistent nature of stored XSS means that once exploited, the malicious payload can affect multiple users over an extended period, amplifying the potential damage.

1. Immediately restrict permissions for page creation and editing within the Piranha CMS to trusted and verified users only, minimizing the attack surface. 2. Implement strict input validation and sanitization on all Markdown content inputs, ideally using a whitelist approach to allow only safe HTML and scripts. 3. Deploy Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers, reducing the impact of potential XSS payloads. 4. Monitor CMS logs and user activity for unusual page creation or modification behavior that could indicate exploitation attempts. 5. Once available, promptly apply official patches or updates from Piranha CMS addressing this vulnerability. 6. Consider using web application firewalls (WAF) with rules designed to detect and block XSS payloads targeting Markdown or similar content fields. 7. Educate CMS administrators and content creators about the risks of injecting untrusted content and encourage best practices for secure content management. 8. Conduct regular security assessments and penetration testing focused on CMS components to identify and remediate similar vulnerabilities proactively.