CVE-2025-62149: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in SaifuMak Add Custom Codes
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes allows Stored XSS. This issue affects Add Custom Codes: from n/a through 4.80.
AI Analysis
Technical Summary
CVE-2025-62149 is a stored cross-site scripting (XSS) vulnerability, classified as CWE-79, in SaifuMak Add Custom Codes up to and including version 4.80. The assigning CNA is Patchstack, whose "n/a through 4.80" notation means that no fixed release was listed when the record was published. The flaw is improper neutralization of input during web page generation: content submitted through the product is persisted and later emitted into a page without the encoding its output context requires, so script carried in that content runs in the browser of every user who views the affected page. The metrics quoted for this record (AV:N, PR:H, UI:R, S:C, C:L/I:L/A:L) give a CVSS 3.1 base score of 5.9, medium severity. PR:H means the injecting account must already hold a high-privilege role in the application; UI:R means a victim must load the page that carries the payload; S:C records that the payload executes in the victim's browser, outside the component that failed to encode it; the three low impact ratings reflect that what can be done is bounded by the victim's session rather than the server. Script running as the victim can read whatever the victim's page can read, issue requests that carry the victim's session (session cookies flagged HttpOnly cannot be read by script, but actions can still be performed with them), alter page content, or present phishing prompts. For a product whose purpose is to place custom code on pages, the boundary that matters is which roles may write that code: a high-privilege prerequisite narrows the attacker set to insiders and compromised administrative accounts, but on sites with several administrators or editors the stored payload still reaches every user who views the affected content. At the time of this analysis the issue was publicly disclosed with no vendor fix and no known exploit recorded, which leaves configuration and access control as the available mitigations.
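To make the CWE-79 boundary concrete for this class of product, the following is an added illustration written for this page; it is not code from the Add Custom Codes plugin and does not identify the sink of CVE-2025-62149, which the advisory does not describe. It models a custom-code manager with two kinds of stored field: the snippet body, which is emitted raw by design and therefore must be gated by authorization at save time, and everything else (label, id, author), which must be encoded for the HTML context it lands in. The capability names (`manage_snippets`, `unfiltered_html`), roles, principals and snippets are assumed for the example.

```javascript
// Added illustration of CWE-79 in a "custom code" manager (hypothetical model,
// not the plugin's code). The raw-code field is a feature; the control there is
// who may write it. Every other stored field is ordinary untrusted text and is
// a stored-XSS sink if emitted without encoding.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode a value for an HTML text node or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Assumed capability model: a broad role may manage snippets, a narrower one
// may author raw HTML/JS. Names are hypothetical.
const ROLE_CAPS = {
  administrator: new Set(['manage_snippets', 'unfiltered_html']),
  editor: new Set(['manage_snippets']),
};

function can(principal, capability) {
  return (ROLE_CAPS[principal.role] || new Set()).has(capability);
}

// Vulnerable save: anyone who may manage snippets may store raw code.
function saveSnippetVulnerable(store, principal, snippet) {
  if (!can(principal, 'manage_snippets')) throw new Error('forbidden');
  store.push({ ...snippet, author: principal.name });
  return store.length;
}

// Hardened save: a non-empty raw-code body requires the raw-HTML capability.
// The label is stored as-is and is always encoded when rendered.
function saveSnippetSafe(store, principal, snippet) {
  if (!can(principal, 'manage_snippets')) throw new Error('forbidden');
  if (snippet.code !== '' && !can(principal, 'unfiltered_html')) {
    throw new Error(`${principal.name} may not store raw HTML/JS`);
  }
  store.push({ ...snippet, author: principal.name });
  return store.length;
}

// Admin list: every field is attacker-influenced text, so encode all of it.
// escape:false reproduces the vulnerable rendering for comparison.
function renderAdminList(store, { escape } = { escape: true }) {
  const enc = escape ? escapeHtml : String;
  return store
    .map((s) => `<tr><td>${enc(s.label)}</td><td>${enc(s.author)}</td>` +
                `<td><a href="?edit=${enc(s.id)}">edit</a></td></tr>`)
    .join('\n');
}

// Front end: bodies are emitted raw by design; safety rests on the save path.
function renderFrontEnd(store) {
  return store.filter((s) => s.code !== '').map((s) => s.code).join('\n');
}

// Constructed principals and snippets for the demonstration.
const ADMIN = { name: 'alice', role: 'administrator' };
const EDITOR = { name: 'mallory', role: 'editor' };
const PAYLOAD_LABEL = '<img src=x onerror=alert(document.domain)>';

function demo() {
  const vulnerable = [];
  saveSnippetVulnerable(vulnerable, EDITOR,
    { id: 's1', label: PAYLOAD_LABEL, code: '<script>alert(1)</script>' });

  const safe = [];
  saveSnippetSafe(safe, ADMIN,
    { id: 's1', label: 'Analytics tag', code: '<script src="/a.js"></script>' });
  let editorRejected = false;
  try {
    saveSnippetSafe(safe, EDITOR,
      { id: 's2', label: PAYLOAD_LABEL, code: '<script>alert(1)</script>' });
  } catch (e) {
    editorRejected = true;
  }
  // A label-only entry from the editor is accepted but rendered encoded.
  saveSnippetSafe(safe, EDITOR, { id: 's2', label: PAYLOAD_LABEL, code: '' });

  return {
    vulnerableAdminHtml: renderAdminList(vulnerable, { escape: false }),
    vulnerableFrontEnd: renderFrontEnd(vulnerable),
    safeAdminHtml: renderAdminList(safe),
    safeFrontEnd: renderFrontEnd(safe),
    editorRejected,
  };
}

module.exports = { escapeHtml, saveSnippetVulnerable, saveSnippetSafe, renderAdminList, renderFrontEnd, demo };
```

Running `demo()` shows the two failure modes side by side: in the vulnerable store the editor's script reaches the front end and the payload label reaches the admin list unencoded; in the hardened store the script is refused at save time and the same label is emitted as `&lt;img ...&gt;`. The encoder handles text-node and double-quoted-attribute contexts only; a value placed inside a script block, a URL, or an unquoted attribute needs a different encoding, which is the usual reason "we escape everything" still leaves a sink.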
Potential Impact
For European organizations the risk is moderate and confined to sites that run SaifuMak Add Custom Codes. Exploitation can expose user sessions, leak data visible in the victim's browser, and alter page content, with the reputational and user-trust damage that follows. Because the XSS is stored, one injection affects every user who views the compromised content. That matters most where the site handles personal data under GDPR, for example finance, healthcare and government services, since script running in a user's session can exfiltrate what that session can see. The high-privilege prerequisite limits who can inject, but it also means the issue is reachable by insiders and by any compromised administrative account, so access control on those accounts is the main defence. A payload that executes in an administrator's browser can drive administrative functions on the victim's behalf, which is the usual route from an XSS to full compromise of a CMS or web portal. The absence of a known exploit lowers immediate risk but does not remove it; stored XSS in a custom-code feature needs little research once the weak field is known.
Mitigation Recommendations
1. The durable fix belongs to the vendor: encode every stored field for the HTML context it is emitted in, and gate the raw-code path on the role that is meant to hold it. Operators cannot apply this themselves; the remaining items reduce exposure until a fixed release exists.
2. Treat the ability to add custom code as equivalent to administrative access. Restrict it to the smallest set of accounts, require multi-factor authentication on those accounts, and remove it from accounts that do not need it.
3. Deploy a Content Security Policy. Note the trade-off: a policy strict enough to block injected inline script also blocks the inline snippets the product exists to deliver, so approved snippets need nonces or hashes, and the policy must also cover the administrative pages if those are where the unencoded field is rendered.
4. Inventory the custom code currently stored, confirm each entry against an approved baseline, and log every subsequent change with author, timestamp and content diff. Alert on changes made by accounts outside the approved set or outside change windows.
5. Isolate the affected site (separate hosting, separate credentials, separate session domain) so that a compromised session on it does not carry over to other applications.
6. Track the vendor and the Patchstack advisory and update as soon as a fixed release is published.
7. Brief administrators that anything pasted into the custom-code interface runs in every visitor's browser, and that content from untrusted sources must not be pasted there.
8. Use web application firewall rules for XSS as defence in depth only. The payload arrives from an authenticated high-privilege user through a form whose legitimate input is script and markup, so signature rules will both false-positive on genuine snippets and be easy to bypass.
9. Include stored-XSS checks on the custom-code fields, and on the pages that list or display them, in penetration testing to find residual sinks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-10-07T15:41:52.360Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 69552525db813ff03eea3687
Added to database: 12/31/2025, 1:29:10 PM
Last enriched: 12/31/2025, 1:44:09 PM
Last updated: 1/8/2026, 7:22:43 AM
Related Threats
CVE-2026-0700: SQL Injection in code-projects Intern Membership Management System (Medium)
CVE-2025-13679: CWE-862 Missing Authorization in themeum Tutor LMS – eLearning and online course solution (Medium)
CVE-2026-0699: SQL Injection in code-projects Intern Membership Management System (Medium)
CVE-2026-0698: SQL Injection in code-projects Intern Membership Management System (Medium)
CVE-2026-0697: SQL Injection in code-projects Intern Membership Management System (Medium)