
CVE-2025-61994: Cross-site scripting (XSS) in GROWI, Inc. GROWI

Severity: Medium
Type: Vulnerability
Published: Thu Nov 06 2025 (11/06/2025, 04:14:30 UTC)
Source: CVE Database V5
Vendor/Project: GROWI, Inc.
Product: GROWI

Description

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page.

AI-Powered Analysis

Last updated: 11/06/2025, 04:45:20 UTC

Technical Analysis

CVE-2025-61994 is a cross-site scripting (XSS) vulnerability in GROWI, Inc.'s GROWI wiki product, affecting all versions prior to 7.2.10. It is a stored XSS: a malicious user with permission to create or edit pages inserts crafted content containing executable script, and when another user opens the page the script runs in that user's browser within the origin of the vulnerable GROWI instance. This can lead to unauthorized actions such as session hijacking, theft of sensitive information, or manipulation of displayed content, compromising confidentiality and integrity. The CVSS 3.0 base score is 5.4 (medium): attack vector network (remote), low attack complexity, privileges required (PR:L), user interaction required (UI:R), and scope changed (S:C), meaning the impact reaches beyond the vulnerable component into the victim's browser session. No known exploits have been reported in the wild, but the vulnerability's presence in a collaboration platform like GROWI makes it relevant to insider threats and targeted attacks. The vulnerability was published on November 6, 2025; remediation is to upgrade to version 7.2.10 or later, where the issue is fixed.

Potential Impact

For European organizations, this vulnerability can lead to unauthorized disclosure of sensitive internal information, session hijacking, or manipulation of collaborative content within GROWI instances. Because GROWI is typically used for internal documentation and knowledge sharing, a hijacked session of a privileged user could be a stepping stone to further access within the corporate network. The requirement that the attacker already hold page creation or editing privileges limits the attack surface but does not eliminate the risk, especially in environments with many users or weak access controls. The vulnerability could also be combined with phishing or social engineering that lures employees to a prepared page so that the script executes in their browsers. This may result in data breaches, reputational damage, and compliance violations under GDPR if personal or sensitive data is exposed. The medium severity suggests moderate urgency, but the issue should not be ignored given its potential use in chained attacks.

Mitigation Recommendations

1. Upgrade all GROWI instances to version 7.2.10 or later immediately to apply the official patch addressing this XSS vulnerability.
2. Review and tighten user permissions to restrict page creation and editing rights to trusted personnel only, minimizing the risk of malicious content insertion.
3. Implement Content Security Policy (CSP) headers to reduce the impact of potential XSS by restricting the execution of unauthorized scripts.
4. Educate users about the risks of interacting with untrusted or unexpected links within internal documentation platforms.
5. Monitor logs for unusual page creation or editing activities that could indicate exploitation attempts.
6. Conduct regular security assessments and penetration tests focusing on collaboration tools like GROWI to detect similar vulnerabilities early.
7. Consider deploying web application firewalls (WAFs) with XSS detection capabilities as an additional layer of defense.


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2025-10-29T08:38:11.617Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 690c245f6cabeda23da8ace4

Added to database: 11/6/2025, 4:30:23 AM

Last enriched: 11/6/2025, 4:45:20 AM

Last updated: 11/6/2025, 9:49:20 AM

