CVE-2025-62722 is a stored Cross-Site Scripting (XSS) vulnerability identified in Kovah LinkAce, a self-hosted web application used for archiving and sharing website links. The flaw exists in versions 2.3.1 and earlier within the social media sharing feature. Specifically, the vulnerability arises from improper neutralization of input during web page generation (CWE-79), where the title field of a link is not sanitized correctly. An authenticated user can inject arbitrary JavaScript code by creating a link with malicious HTML in the title. When other users access the link details page, the malicious script executes in their browsers. This execution can lead to theft of session cookies, unauthorized actions performed on behalf of users, or delivery of malware payloads. The vulnerability affects multiple sharing services integrated into LinkAce, broadening the attack surface. Exploitation requires the attacker to have authenticated access to create malicious links but does not require victim user interaction beyond viewing the infected page. The vulnerability has been assigned a CVSS 4.0 score of 8.7, reflecting high impact on confidentiality and integrity with low attack complexity and no user interaction needed. The issue was publicly disclosed on November 4, 2025, and fixed in LinkAce version 2.4.0. No known exploits have been reported in the wild as of the publication date.

For European organizations using Kovah LinkAce to manage and share web link archives, this vulnerability poses significant risks. Successful exploitation can lead to session hijacking, allowing attackers to impersonate legitimate users and access sensitive information or perform unauthorized actions within the application. This can compromise the confidentiality and integrity of stored data. Additionally, the ability to deliver malware through the XSS vector increases the risk of broader network compromise. Since LinkAce is often used in collaborative environments, the spread of malicious scripts can affect multiple users and systems. The requirement for attacker authentication limits exposure to internal or trusted users, but insider threats or compromised accounts could be leveraged. The vulnerability's presence in the social media sharing functionality may also expose organizations to reputational damage if malicious content is propagated externally. Given the high CVSS score and the critical role of LinkAce in information management, European entities should treat this vulnerability as a priority to avoid potential data breaches and operational disruptions.

European organizations should immediately upgrade all LinkAce instances to version 2.4.0 or later, where the vulnerability is patched. Until upgrades are completed, restrict access to the LinkAce application to trusted users only and enforce strong authentication and account monitoring to detect suspicious activity. Implement web application firewalls (WAFs) with custom rules to detect and block malicious scripts in HTTP requests targeting the title field or link creation endpoints. Conduct regular security training for users to recognize suspicious links and report anomalies. Review and sanitize all user-generated content before rendering, applying strict input validation and output encoding as a defense-in-depth measure. Additionally, monitor logs for unusual link creation patterns or repeated failed attempts to inject scripts. If feasible, isolate LinkAce instances from public internet access to reduce exposure. Finally, maintain an incident response plan to quickly address any detected exploitation attempts.