CVE-2025-64049: n/a
A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding a slice that uses the compromised module.
AI Analysis
Technical Summary
CVE-2025-64049 is a stored cross-site scripting (XSS) vulnerability identified in REDAXO CMS version 5.20.0, specifically within its module management component. The vulnerability arises from insufficient sanitization or validation of user input in the Output code field of modules, allowing remote authenticated users with high privileges to inject arbitrary web scripts or HTML. When an article containing a slice that uses the compromised module is viewed or edited, the injected payload executes in the context of the victim's browser. This can lead to the theft of session cookies, unauthorized actions performed on behalf of the user, or the delivery of further malicious payloads. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) indicates that the attack can be launched remotely over the network with low attack complexity but requires the attacker to have high privileges (authenticated user with module editing rights) and user interaction (the victim must view or edit the affected article). The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable module, impacting confidentiality and integrity but not availability. While no public exploits are currently known, the vulnerability poses a moderate risk due to the potential for privilege escalation and lateral movement within the CMS environment. REDAXO CMS is used primarily in European markets, often by small to medium enterprises and public sector entities for content management, making this vulnerability relevant for organizations relying on this platform for their web presence.
Potential Impact
For European organizations using REDAXO CMS 5.20.0, this vulnerability could lead to unauthorized script execution within the CMS administrative interface or user-facing content, resulting in session hijacking, credential theft, or defacement of web content. The confidentiality of user sessions and integrity of published content are at risk, potentially damaging organizational reputation and trust. Attackers with authenticated access could leverage this XSS flaw to escalate privileges or pivot to other internal systems. Public sector websites and SMEs relying on REDAXO for critical communications may face disruption or data leakage. Although availability is not directly impacted, the indirect consequences of compromised integrity and confidentiality could lead to operational disruptions and compliance issues under GDPR if personal data is exposed or manipulated.
Mitigation Recommendations
Organizations should immediately review and restrict access to module management features to only trusted, high-privilege users. Implement strict input validation and output encoding for the Output code field in REDAXO modules to prevent injection of malicious scripts. Since no official patch is currently linked, monitor REDAXO vendor advisories for updates and apply patches promptly once available. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the CMS environment. Conduct regular security audits and penetration testing focused on CMS components. Educate CMS administrators on the risks of injecting untrusted code and enforce multi-factor authentication to reduce the risk of compromised credentials. Consider isolating the CMS environment from critical internal networks to limit lateral movement in case of exploitation.
Affected Countries
Germany, Netherlands, Austria, Switzerland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6925d374159f97fbc0f524d7
Added to database: 11/25/2025, 4:04:04 PM
Last enriched: 11/25/2025, 4:18:38 PM
Last updated: 12/4/2025, 8:32:23 PM