CVE-2025-65027 affects RomM (ROM Manager), a software application used to manage game collections. The vulnerability arises from multiple unrestricted file upload weaknesses that allow authenticated users to upload malicious SVG or HTML files containing embedded JavaScript. When these files are accessed by other users or administrators, the browser executes the embedded scripts, resulting in stored Cross-Site Scripting (CWE-79). This stored XSS can be leveraged to perform unauthorized actions within the application. The threat is exacerbated by a Cross-Site Request Forgery (CSRF) misconfiguration (CWE-352), which allows attackers to bypass normal request validation and perform state-changing operations without user consent. Together, these flaws enable attackers to escalate their privileges from authenticated users to full administrative control, including creating rogue admin accounts and potentially compromising the entire application environment. The vulnerability also involves improper file upload handling (CWE-434), as the application fails to restrict or sanitize uploaded file types adequately. The CVSS v3.1 base score is 7.6 (High), reflecting network attack vector, low attack complexity, required privileges at the user level, and user interaction needed. The impact covers confidentiality (limited), integrity (high), and availability (high). The vulnerability was published on December 3, 2025, and fixed in RomM versions 4.4.1 and 4.4.1-beta.2. No known exploits have been reported in the wild to date.

For European organizations using RomM to manage game collections or related digital assets, this vulnerability poses significant risks. Attackers with authenticated access can escalate privileges to administrative levels, potentially gaining full control over the application and its data. This can lead to unauthorized data modification, deletion, or leakage, impacting confidentiality and integrity. The ability to create rogue admin accounts undermines trust and complicates incident response. Additionally, the exploitation could disrupt service availability if attackers manipulate or disable critical functions. Organizations in sectors such as gaming, digital entertainment, or software distribution that rely on RomM are particularly at risk. The combined XSS and CSRF flaws increase the attack surface, making exploitation easier and more impactful. Given the network-exploitable nature and low complexity, the threat could be leveraged in targeted attacks or insider threat scenarios. The absence of known active exploits provides a window for proactive mitigation, but the high severity score demands urgent attention.

1. Immediately upgrade RomM installations to version 4.4.1 or later, where the vulnerability is patched. 2. Implement strict server-side validation and sanitization of uploaded files, restricting file types to only those necessary and verifying file content beyond extensions. 3. Enforce Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 4. Correct CSRF protections by implementing anti-CSRF tokens on all state-changing requests and validating the origin of requests. 5. Conduct regular security audits and penetration testing focusing on file upload functionalities and session management. 6. Monitor logs for unusual file uploads or privilege escalation attempts. 7. Educate users about the risks of uploading untrusted files and the importance of secure authentication practices. 8. If immediate patching is not possible, consider disabling file upload features or restricting them to highly trusted users only. 9. Deploy Web Application Firewalls (WAFs) with rules to detect and block malicious payloads in file uploads and XSS attempts. 10. Maintain an incident response plan to quickly address any signs of compromise related to this vulnerability.