CVE-2025-64112: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in statamic cms
CVE-2025-64112 is a high-severity stored Cross-Site Scripting (XSS) vulnerability in Statamic CMS versions prior to 5.22.1. It allows authenticated users with content creation permissions to inject malicious JavaScript into Collections and Taxonomies, which executes when viewed by users with higher privileges. Exploitation requires user interaction and authenticated access but can lead to full compromise of confidentiality, integrity, and availability of affected systems. The vulnerability is fixed in version 5.22.1. European organizations using Statamic CMS should prioritize patching to prevent potential privilege escalation and data breaches. No known exploits are currently in the wild, but the ease of exploitation and impact warrant urgent mitigation.
AI Analysis
Technical Summary
CVE-2025-64112 is a stored Cross-Site Scripting (XSS) vulnerability identified in Statamic CMS, a Laravel and Git-powered content management system widely used for managing web content. The vulnerability arises from improper neutralization of input during web page generation, specifically within the Collections and Taxonomies features. Authenticated users who have permissions to create or modify content can inject malicious JavaScript payloads into these components. When higher-privileged users view the compromised content, the injected scripts execute in their browsers, potentially allowing attackers to hijack sessions, steal credentials, perform actions on behalf of the victim, or pivot further into the network. The vulnerability requires the attacker to have at least content creation privileges and the victim to interact with the malicious content, which limits the exploitation scope but still poses significant risk. The CVSS v3.1 base score is 8.0 (high): the attack vector is network and the attack complexity is low, while the score accounts for the privileges and user interaction that exploitation requires. The vulnerability affects all Statamic CMS versions prior to 5.22.1, where the issue has been patched. No public exploits have been reported yet, but the vulnerability's nature and impact make it a critical concern for organizations relying on Statamic for content management.
Potential Impact
For European organizations, this vulnerability can lead to severe consequences including unauthorized access to sensitive information, session hijacking, and potential full compromise of administrative accounts within the CMS environment. This can result in defacement, data leakage, or further lateral movement within corporate networks. Organizations in sectors such as government, finance, media, and e-commerce that rely on Statamic CMS for managing critical web content are particularly at risk. The exploitation could disrupt service availability and damage organizational reputation. Given the requirement for authenticated access, insider threats or compromised low-privilege accounts could be leveraged to escalate privileges and execute attacks. The impact extends beyond the CMS itself, as attackers could use the foothold to target backend systems or steal confidential data. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score indicates urgency.
Mitigation Recommendations
1. Immediately upgrade all Statamic CMS instances to version 5.22.1 or later to apply the official patch addressing this vulnerability.
2. Restrict content creation permissions strictly to trusted users and regularly review user roles to minimize the attack surface.
3. Implement Content Security Policy (CSP) headers to reduce the impact of potential XSS payloads by restricting script execution sources.
4. Conduct regular audits of Collections and Taxonomies content for suspicious or unexpected script injections.
5. Employ web application firewalls (WAF) with rules tuned to detect and block XSS payloads targeting Statamic CMS.
6. Monitor logs and user activity for anomalous behavior indicative of exploitation attempts or privilege escalation.
7. Educate content creators and administrators about the risks of XSS and safe content handling practices.
8. Consider implementing multi-factor authentication (MFA) for CMS access to reduce risk from compromised credentials.
9. Isolate the CMS environment from critical backend systems to limit lateral movement in case of compromise.
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Belgium, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-27T15:26:14.127Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6903a6a4aebfcd54748ac668
Added to database: 10/30/2025, 5:55:48 PM
Last enriched: 10/30/2025, 6:11:02 PM
Last updated: 10/30/2025, 10:31:25 PM