
CVE-2025-61623: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Apache Software Foundation Apache OFBiz

Severity: Medium
Tags: Vulnerability, CVE-2025-61623, CVE, CWE-79
Published: Wed Nov 12 2025 (11/12/2025, 09:16:58 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache OFBiz

Description

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

AI-Powered Analysis

AI analysis last updated: 11/19/2025, 11:15:54 UTC

Technical Analysis

CVE-2025-61623 is a reflected cross-site scripting (XSS) vulnerability classified under CWE-79, affecting Apache OFBiz versions before 24.09.03. Apache OFBiz is an open-source enterprise resource planning (ERP) and e-commerce platform widely used for business process automation. The vulnerability arises from improper neutralization of user-supplied input during web page generation, allowing attackers to inject malicious JavaScript code into HTTP responses. Because the vulnerability is reflected, the malicious payload is embedded in a crafted URL or request, and it executes in the victim's browser context when the victim visits that URL. This can lead to unauthorized actions such as session hijacking, credential theft, or redirection to malicious sites. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The scope is unchanged, meaning the vulnerability affects only the vulnerable component. The vulnerability impacts confidentiality and integrity but does not affect availability. No known exploits have been reported in the wild as of the publication date. The recommended remediation is to upgrade Apache OFBiz to version 24.09.03, which includes the necessary input validation and output encoding fixes to neutralize the XSS vectors.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to confidentiality and integrity of user sessions and data within Apache OFBiz deployments. Exploitation could lead to unauthorized access to sensitive business information, manipulation of transaction data, or compromise of user accounts. Given Apache OFBiz's role in ERP and e-commerce, successful attacks could disrupt business operations, damage reputation, and result in regulatory compliance issues under GDPR due to potential data breaches. The reflected XSS nature means attackers can craft malicious links to target employees, partners, or customers, increasing the risk of phishing and social engineering attacks. While availability is not directly impacted, indirect effects such as loss of trust or forced downtime for remediation could occur. Organizations with public-facing OFBiz portals are particularly vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits post-disclosure.

Mitigation Recommendations

European organizations should immediately plan and execute an upgrade of Apache OFBiz to version 24.09.03 or later to remediate the vulnerability. In parallel, implement web application firewall (WAF) rules to detect and block common XSS attack patterns targeting OFBiz endpoints. Conduct thorough input validation and output encoding audits on any custom OFBiz extensions or integrations to prevent similar issues. Educate users and administrators about the risks of clicking on suspicious links and encourage the use of security-aware browsing practices. Monitor logs for unusual request patterns that may indicate attempted exploitation. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing OFBiz applications. Regularly review and update security configurations and ensure timely application of patches for all components. Finally, consider penetration testing or vulnerability scanning focused on XSS to validate the effectiveness of mitigations.
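Two of the recommendations above (confirm whether a deployment is below the fixed version, and monitor logs for requests that look like reflected-script attempts) can be scripted. The following is an added example, not code from the advisory or from the OFBiz project; the log lines, client addresses and request paths are constructed for the demonstration, and the marker list is deliberately small, so hits are a trigger for review rather than an automatic block.

```python
import re
from urllib.parse import urlsplit, unquote

# Fixed version named in the advisory; anything older is affected.
FIXED_VERSION = (24, 9, 3)

def parse_version(v: str) -> tuple:
    """Turn '24.09.01' into (24, 9, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version: str) -> bool:
    """True when the deployed OFBiz version is older than 24.09.03."""
    return parse_version(version) < FIXED_VERSION

# Markers commonly seen when script is reflected into an HTML page.
# Applied to the URL-decoded query string, so percent-encoding does not hide them.
XSS_MARKERS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)

# Common Log Format: client ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def flag_suspicious_requests(log_lines):
    """Return (client, path, decoded_query) for each request whose query string
    contains an XSS marker. Lines that do not parse are skipped."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        decoded = unquote(parts.query)
        if XSS_MARKERS.search(decoded):
            hits.append((client, parts.path, decoded))
    return hits

# Constructed sample lines (not real traffic): one benign request and one
# carrying a percent-encoded script tag in a query parameter.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2025:09:20:01 +0000] "GET /catalog/control/main?productId=WG-1111 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Nov/2025:09:21:14 +0000] "GET /catalog/control/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 4711',
]

if __name__ == "__main__":
    print("24.09.02 affected:", is_affected("24.09.02"))
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print("review:", hit)
```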


Technical Details

Data Version: 5.2
Assigner Short Name: apache
Date Reserved: 2025-09-29T07:04:49.932Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6914547632a6693f6a1c8ad1

Added to database: 11/12/2025, 9:33:42 AM

Last enriched: 11/19/2025, 11:15:54 AM

Last updated: 2/7/2026, 2:29:55 PM