CVE-2025-65465 is a reflected Cross-Site Scripting (XSS) vulnerability found in the RaiseError function of Skrol29 TbsZip software versions 2.17 and earlier. The vulnerability occurs because the error handling mechanism outputs error messages containing user-controlled input from the filename parameter without proper sanitization or encoding. When an attacker crafts a malicious payload embedded in the filename parameter, this payload is reflected back in the error message and executed in the context of the victim's browser. This can lead to arbitrary script execution, enabling attackers to perform actions such as session hijacking, defacement, or redirecting users to malicious sites. The vulnerability is triggered remotely without requiring authentication but does require user interaction to activate the malicious payload, typically by convincing a user to open a crafted link or file. The scope of affected systems includes any environment running vulnerable versions of Skrol29 TbsZip that expose the vulnerable functionality to user input. The issue is resolved in version 2.18, which properly sanitizes the filename parameter before outputting error messages. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L) reflects that the attack is network-based with low complexity, no privileges required, user interaction necessary, and impacts confidentiality and integrity with a scope change due to the potential cross-origin impact of the XSS.

The primary impact of this vulnerability is the potential for attackers to execute arbitrary scripts in the context of users' browsers, which can lead to theft of sensitive information such as session cookies, credentials, or other personal data. This can further enable account takeover or unauthorized actions within web applications relying on Skrol29 TbsZip. The reflected XSS can also be used to deliver malware, perform phishing attacks, or manipulate web content to deceive users. Although the vulnerability does not directly compromise system availability or integrity of the backend systems, the exploitation can severely damage user trust and lead to reputational harm. Organizations that expose the vulnerable functionality to external users or customers are at higher risk, especially if the affected software is integrated into web-facing applications or services. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits following public disclosure.

Organizations should upgrade Skrol29 TbsZip to version 2.18 or later, where the vulnerability is fixed by proper sanitization of the filename parameter in error messages. Until the upgrade can be performed, it is advisable to implement input validation and output encoding on all user-supplied inputs, especially those reflected in error messages. Web application firewalls (WAFs) can be configured to detect and block common XSS payload patterns targeting the vulnerable parameter. Additionally, security teams should educate users about the risks of clicking on suspicious links or opening untrusted files that may trigger the vulnerability. Monitoring logs for unusual error message patterns or suspicious requests involving the filename parameter can help detect attempted exploitation. Finally, applying Content Security Policy (CSP) headers can reduce the impact of successful XSS by restricting script execution sources.