
CVE-2025-65480: n/a

High
Vulnerability, CVE-2025-65480
Published: Wed Feb 11 2026 (02/11/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-65480 is a vulnerability in Pacom Unison Client 5.13.1 that allows authenticated users to inject malicious scripts into Report Templates. These scripts execute when specific script conditions are met, resulting in remote code execution (RCE). This flaw requires user authentication but can lead to full system compromise if exploited. No public exploits are currently known, and no CVSS score has been assigned. The vulnerability poses a significant risk to organizations using Pacom Unison Client, especially those relying on its reporting features. European organizations using this software in security or building management contexts may be particularly impacted. Mitigation involves restricting template editing privileges, monitoring for suspicious script activity, and applying vendor patches once available. Countries with higher adoption of Pacom products and critical infrastructure deployments, such as Germany, France, and the UK, are likely to be most affected.

AI-Powered Analysis

Last updated: 02/11/2026, 18:00:39 UTC

Technical Analysis

CVE-2025-65480 is a security vulnerability identified in Pacom Unison Client version 5.13.1. The issue arises from the ability of authenticated users to inject malicious scripts into the Report Templates feature of the software. These scripts are executed when certain script conditions within the reporting engine are fulfilled, enabling remote code execution on the host system. This means that an attacker with valid credentials can leverage the scripting functionality intended for report customization to execute arbitrary code, potentially gaining control over the affected system. The vulnerability exploits the trust boundary within the application’s template processing logic, where insufficient input validation or sanitization allows script injection. Although the vulnerability requires authentication, the impact is severe because it can lead to full system compromise, data theft, or lateral movement within a network. No public exploits have been reported yet, and no official patch or CVSS score is currently available. The vulnerability was reserved in November 2025 and published in February 2026, indicating recent discovery. Pacom Unison Client is typically used in building management and security systems, making this vulnerability particularly critical in environments where these systems are integrated with physical security or operational technology.

Potential Impact

For European organizations, the impact of CVE-2025-65480 could be substantial, especially for those in sectors relying on Pacom Unison Client for building security and management, such as government facilities, critical infrastructure, and large enterprises. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially leading to unauthorized access, data breaches, disruption of building management operations, or manipulation of security controls. This could compromise physical security and safety, cause operational downtime, and result in regulatory non-compliance under GDPR or other data protection laws. The requirement for authentication limits the attack surface but does not eliminate risk, as insider threats or compromised credentials could be leveraged. The absence of known exploits provides a window for proactive mitigation but also means organizations must be vigilant for emerging threats. The vulnerability could also facilitate lateral movement within networks, increasing the risk of broader compromise.

Mitigation Recommendations

To mitigate CVE-2025-65480, European organizations should implement the following specific measures:

1) Restrict Report Template editing permissions strictly to trusted administrators to reduce the risk of malicious script injection.
2) Monitor and audit changes to report templates and scripting activities for unusual or unauthorized modifications.
3) Employ network segmentation to isolate Pacom Unison Client servers from critical network segments to limit lateral movement.
4) Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise.
5) Engage with Pacom for timely patch releases and apply updates promptly once available.
6) Conduct internal security assessments and penetration testing focusing on the report template functionality to identify potential exploitation paths.
7) Educate users with access about the risks of script injection and the importance of secure credential handling.
8) Implement endpoint detection and response (EDR) solutions to detect anomalous script execution or code injection behaviors on affected hosts.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 698cc0684b57a58fa1ac24b3

Added to database: 2/11/2026, 5:46:16 PM

Last enriched: 2/11/2026, 6:00:39 PM

Last updated: 2/11/2026, 6:50:59 PM
