CVE-2025-63522: n/a
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function
AI Analysis
Technical Summary
CVE-2025-63522 identifies a Reverse Tabnabbing vulnerability in FeehiCMS version 2.1.1, specifically within the Comments Management function. Reverse Tabnabbing is a web-based attack technique where an attacker crafts a hyperlink that, when clicked, causes the original browser tab to be redirected to a malicious site controlled by the attacker. This is typically achieved by exploiting the target link’s lack of proper rel attributes such as "noopener" or "noreferrer" in anchor tags. In the context of FeehiCMS, the Comments Management function likely fails to sanitize or properly configure links posted by users, allowing an attacker to embed malicious links that can hijack the user’s browsing context. This can lead to phishing attacks, credential theft, or delivery of malware by deceiving users into believing they remain on a trusted site. The vulnerability was reserved on October 27, 2025, and published on December 1, 2025, but no CVSS score or patch information is currently available, and no known exploits have been reported in the wild. The absence of a CVSS score requires severity estimation based on the attack vector, impact, and exploitability. Reverse Tabnabbing requires user interaction (clicking a link) and does not directly compromise server integrity but can significantly impact user confidentiality and trust. FeehiCMS is a content management system used primarily in Chinese-speaking regions but also adopted by some European organizations for web content management, especially in niche sectors. The vulnerability highlights the importance of secure link handling in user-generated content to prevent social engineering attacks. Until a patch is released, administrators should consider manual mitigations such as adding rel="noopener noreferrer" to all external links in comments and educating users about the risks of clicking suspicious links.
Potential Impact
The primary impact of CVE-2025-63522 is on user confidentiality and trust rather than direct system compromise. If exploited, attackers can redirect users from legitimate FeehiCMS-based websites to malicious sites, enabling phishing attacks, credential theft, or malware delivery. For European organizations, this can lead to reputational damage, loss of user trust, and potential data breaches if credentials are stolen. Organizations with public-facing websites that allow user comments are particularly vulnerable, as attackers can embed malicious links in comments. The vulnerability does not directly affect the integrity or availability of the FeehiCMS platform but can indirectly cause harm through social engineering. The lack of known exploits reduces immediate risk, but the ease of exploitation (requiring only user clicks on crafted links) means the threat could escalate quickly once exploited. European sectors such as media, education, and government websites that rely on FeehiCMS or similar CMS platforms are at higher risk due to their public interaction and potential for targeted phishing campaigns. The impact is medium severity due to the indirect nature of the attack and the requirement for user interaction.
Mitigation Recommendations
1. Apply patches or updates from FeehiCMS as soon as they become available to address this vulnerability.
2. In the absence of an official patch, manually modify the Comments Management function to add rel="noopener noreferrer" attributes to all external links in user-generated comments to prevent tabnabbing.
3. Implement Content Security Policy (CSP) headers that restrict navigation and frame ancestors to trusted domains to reduce the risk of malicious redirects.
4. Sanitize and validate all user inputs in comments to prevent injection of malicious HTML or JavaScript.
5. Educate website administrators and users about the risks of clicking on suspicious links, especially in comment sections.
6. Monitor comment sections for suspicious or malicious links and remove them promptly.
7. Consider disabling or restricting hyperlink posting in comments if feasible.
8. Use web application firewalls (WAF) to detect and block suspicious payloads targeting comment functionalities.

These steps go beyond generic advice by focusing on specific CMS functions and user interaction vectors relevant to this vulnerability.
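One way to implement step 2 on the server side, as an added example that is not FeehiCMS code: a small filter run over a comment body before it is stored or rendered, which appends rel="noopener noreferrer" to every anchor that opens a new tab or points off-site while leaving the rest of the markup untouched. The site host name and the sample comment are constructed assumptions.

```python
# Added example, not FeehiCMS code: add rel="noopener noreferrer" to risky anchors.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

REQUIRED_REL = ("noopener", "noreferrer")

class LinkHardener(HTMLParser):
    def __init__(self, site_host):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.site_host = site_host.lower()        # assumed host of the CMS
        self.out, self.fixed = [], 0              # output chunks, anchors changed

    def _needs_hardening(self, attrs):
        host = urlparse(attrs.get("href") or "").hostname
        external = host is not None and host.lower() != self.site_host
        return attrs.get("target") == "_blank" or external

    def _render(self, tag, attrs, closing=""):
        pairs = [f'{k}="{escape(v or "", quote=True)}"' for k, v in attrs.items()]
        return "<" + " ".join([tag] + pairs) + closing + ">"

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and self._needs_hardening(attrs):
            rel = (attrs.get("rel") or "").split()
            missing = [t for t in REQUIRED_REL if t not in rel]
            if missing:                      # keep existing tokens, append ours
                attrs["rel"] = " ".join(rel + missing)
                self.fixed += 1
        self.out.append(self._render(tag, attrs))

    # Everything else is re-emitted unchanged.
    def handle_startendtag(self, tag, attrs): self.out.append(self._render(tag, dict(attrs), " /"))
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def harden_comment_html(html, site_host):
    """Return (hardened_html, count_of_anchors_changed) for one comment body."""
    p = LinkHardener(site_host)
    p.feed(html)
    p.close()
    return "".join(p.out), p.fixed

# Constructed sample comment (not from the advisory), as a user might submit it.
SAMPLE = ('See <a href="https://example.net/guide" target="_blank">this</a>, '
          '<a href="/about">our page</a> &amp; <a href="https://example.net/x" rel="nofollow">that</a>.')
```

The filter covers only step 2; scheme checks and removal of script content (step 4) are a separate layer that should run before it.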
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692db01b5d7189e19832fc0b
Added to database: 12/1/2025, 3:11:23 PM
Last enriched: 12/1/2025, 3:12:03 PM
Last updated: 12/4/2025, 10:17:47 PM