CVE-2025-61674 is a cross-site scripting (XSS) vulnerability classified under CWE-79 affecting October CMS, a popular content management system and web platform. The flaw exists in the backend configuration forms where users with the Global Editor Settings permission can inject malicious code into the stylesheet input field under Markup Styles. Specifically, the vulnerability arises because the input is not properly neutralized or sanitized before being embedded within a <style> tag context. An attacker can craft input that breaks out of the style context, allowing arbitrary HTML or JavaScript execution across backend pages. This can lead to unauthorized script execution affecting all backend users, potentially exposing sensitive configuration data or enabling further attacks such as session hijacking or privilege escalation. The vulnerability affects October CMS versions >= 4.0.0 and < 4.0.12, and all versions below 3.7.13. The issue was publicly disclosed and patched in versions 3.7.13 and 4.0.12. The CVSS v3.1 base score is 6.1, reflecting medium severity, with an attack vector of network, low attack complexity, requiring high privileges and user interaction, and impacting confidentiality and integrity but not availability. No known exploits have been reported in the wild to date.

For European organizations using October CMS, this vulnerability poses a risk primarily to the confidentiality and integrity of backend administrative data. If exploited, attackers with Global Editor Settings permission could execute arbitrary scripts within the backend environment, potentially leading to data leakage, unauthorized configuration changes, or further compromise of the CMS environment. This could disrupt content management workflows and expose sensitive business information. Organizations in sectors with high regulatory requirements for data protection, such as finance, healthcare, and government, may face compliance risks if this vulnerability is exploited. Additionally, the need for authenticated access with elevated permissions limits the attack surface but insider threats or compromised credentials could still enable exploitation. The absence of known exploits reduces immediate risk but does not eliminate the need for prompt remediation.

European organizations should immediately upgrade October CMS installations to versions 3.7.13 or 4.0.12 or later to apply the official patch. Until patching is complete, restrict the Global Editor Settings permission to only trusted administrators and regularly audit accounts with this privilege. Implement strict input validation and sanitization controls on backend forms if custom modifications exist. Employ web application firewalls (WAFs) with rules to detect and block suspicious script injection attempts targeting the stylesheet input fields. Monitor backend logs for unusual activity related to configuration changes or script execution. Conduct regular security training to reduce the risk of credential compromise for privileged users. Finally, maintain a robust incident response plan to quickly address any signs of exploitation.