CVE-2025-62722 is a Stored Cross-Site Scripting (XSS) vulnerability identified in Kovah LinkAce, a self-hosted web application designed to archive and share website links. The flaw exists in versions 2.3.1 and earlier within the social media sharing functionality. Specifically, the vulnerability arises because the application fails to properly neutralize input in the title field of links when generating web pages. An authenticated user can create a link with malicious HTML/JavaScript embedded in the title. When other users access the link details page, the malicious script executes in their browsers. This execution can lead to theft of session cookies, unauthorized actions performed on behalf of users, or delivery of malware payloads. The vulnerability affects multiple sharing services integrated into LinkAce, broadening the attack surface. Exploitation requires the attacker to have authenticated access to create malicious links but does not require victim interaction beyond viewing the infected page. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting its high severity due to network attack vector, low attack complexity, no privileges required beyond authentication, no user interaction needed, and high impact on confidentiality and integrity. The issue was publicly disclosed on November 4, 2025, and fixed in LinkAce version 2.4.0. No known exploits have been reported in the wild to date, but the potential impact on user sessions and data integrity is significant.

For European organizations using self-hosted LinkAce instances, this vulnerability poses a serious risk to the confidentiality and integrity of user sessions and data. Attackers with authenticated access can inject malicious scripts that execute in the browsers of other users, potentially leading to session hijacking, unauthorized actions, or malware infections. This could result in data breaches, loss of user trust, and operational disruptions. Since LinkAce is often used to manage and share curated link collections, exploitation could also facilitate phishing or further lateral attacks within an organization. The impact is heightened in environments where LinkAce is integrated with sensitive workflows or where multiple users have access to the platform. Given the vulnerability affects multiple social media sharing services, the risk extends to external exposure if links are shared beyond the organization. The lack of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score underscores the urgency of patching.

1. Upgrade all LinkAce instances to version 2.4.0 or later immediately to apply the official fix. 2. Restrict authenticated user permissions to only trusted personnel to minimize the risk of malicious link creation. 3. Implement web application firewalls (WAFs) with rules to detect and block common XSS payloads targeting LinkAce endpoints. 4. Conduct regular audits of link titles and shared content for suspicious HTML or JavaScript code. 5. Educate users about the risks of clicking on shared links within LinkAce and encourage reporting of unusual behavior. 6. Where possible, isolate LinkAce instances within secure network segments to limit exposure. 7. Monitor logs for unusual activity related to link creation and access patterns. 8. Consider deploying Content Security Policy (CSP) headers to restrict script execution sources on LinkAce pages. These steps go beyond generic advice by focusing on access control, monitoring, and layered defenses specific to the application context.