CVE-2025-66403: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in error311 FileRise

Severity: Medium
Tags: Vulnerability, CVE-2025-66403, CWE-79
Published: Mon Dec 01 2025 (12/01/2025, 22:20:56 UTC)
Source: CVE Database V5
Vendor/Project: error311
Product: FileRise

Description

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the FileRise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG uploads without sanitizing or restricting embedded script content. When a malicious SVG containing inline JavaScript or event-based payloads is uploaded, it is later rendered directly in the browser whenever viewed within the application. Because SVGs are XML-based and allow scripting, they execute in the origin context of the application, enabling full stored XSS. This vulnerability is fixed in 2.2.3.

AI-Powered Analysis

Last updated: 12/08/2025, 23:16:54 UTC

Technical Analysis

CVE-2025-66403 is a stored cross-site scripting vulnerability in the FileRise web-based file manager before version 2.2.3. FileRise lets users upload and manage files through a web interface, including SVG images. SVG is an XML document format rather than a raster image: a file can carry a script element, event-handler attributes such as onload, and javascript: URLs, and a browser executes those whenever it renders the SVG as a document, for example when the file is navigated to directly or loaded through an iframe or object element. (An SVG referenced from an img element is rendered without script; the attack depends on the file being served and opened as a document from the application's origin.)

FileRise before 2.2.3 neither sanitized uploaded SVG content nor served it in a way that prevents script execution. An authenticated user with upload rights can therefore store an SVG carrying a script payload; when another user opens it in the application, the script runs in the application's origin with that user's session. Within that scope it can do whatever the victim can do through the file manager (list, download, modify or delete files, or change settings if the victim is an administrator) and read any data the victim's session can reach.

Exploitation needs an account that can upload files and a victim who views the file, which limits the pool of attackers and makes attacks targeted rather than opportunistic. The CVSS 3.1 base score of 4.6 (medium) reflects that: low confidentiality and integrity impact, no availability impact, low privileges and user interaction required. The page does not publish the vector; AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N is the 3.1 vector that produces exactly 4.6 under those conditions, so treat it as inferred. No public exploit had been reported at the time of this analysis. Version 2.2.3 resolves the issue; the advisory does not state whether the fix sanitizes SVG content, blocks script-capable SVG, or changes how stored files are served, so administrators should confirm the behavior of their deployment after upgrading. Organizations running vulnerable versions should prioritize patching.

Potential Impact

For European organizations running FileRise, the impact is script execution inside the FileRise origin on behalf of whoever opens the malicious file: the attacker's script inherits that user's session and can read, download, alter or delete whatever that user can reach in the file manager, and acts with administrator rights if an administrator is the one who opens it. Because the application both stores and serves files, that access can also be used to plant further payloads or to tamper with documents other users rely on. The impact is on confidentiality and integrity; there is no direct availability impact. The bug does not by itself provide a foothold on the host or the internal network; it matters beyond FileRise only where FileRise credentials or the files it holds are trusted by other systems.

The attacker needs an account that can upload and a victim who views the file, so widespread exploitation is unlikely, but a malicious or compromised insider, or an attacker who has phished one low-privileged account, can target administrators directly. Organizations handling sensitive or regulated data, such as finance, healthcare and government bodies, are most exposed: leaked or manipulated files can trigger notification and compliance obligations under European data protection regulations like GDPR, in addition to reputational damage. The medium rating means the issue is not critical but warrants timely remediation, and the fix is a straightforward version upgrade.

Mitigation Recommendations

1. Upgrade FileRise to version 2.2.3 or later immediately to apply the official fix.
2. If SVG upload is not essential, reject it server-side by content (an XML document whose root element is svg), not only by file extension or the client-supplied MIME type, which the attacker controls.
3. If SVG must be accepted, sanitize it server-side before storage: drop script elements, foreignObject, event-handler (on*) attributes and javascript: or data: URLs in href and xlink:href, and reject files that contain DOCTYPE or entity declarations. Work on the parsed XML rather than with regular expressions over the raw text, because entity encoding and embedded whitespace can hide a payload from text matching.
4. Serve stored files with a Content-Security-Policy of sandbox plus default-src 'none', X-Content-Type-Options: nosniff and, where inline previews are not needed, Content-Disposition: attachment; better still, serve uploads from a separate origin so that any script that does run cannot reach the application's session. Note that a CSP on the application's own pages does not help here: a navigated SVG is its own document and is governed only by the headers on its own response.
5. Monitor file upload logs and user activity: alert on SVG uploads whose content contains script elements or on* attributes, and record who uploaded and who viewed such files.
6. Educate users about the risks of uploading untrusted files and of opening files uploaded by others.
7. Conduct regular security assessments and penetration testing focused on file upload and file preview functionality.
8. Isolate the FileRise application environment to limit lateral movement in case of compromise.
9. Review and tighten authentication and authorization controls to minimize the number of users able to upload files.
10. Maintain up-to-date backups to recover quickly from tampered or deleted files.
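The upload-side sanitizer and the download-side headers from the recommendations above, as an added example: this is our code, not FileRise's and not a description of the 2.2.3 fix. It assumes a generic upload handler that passes the raw bytes to sanitize_svg() before storage and a download handler that applies svg_response_headers() when serving; the function names, that flow, and the sample SVG files are assumptions constructed for this page. It works on the parsed XML so entity-encoded and whitespace-split javascript: URLs are still caught, and it rejects DTDs outright rather than trying to clean them.

```python
"""Server-side checks for user-uploaded SVG (added example, not FileRise code).

Assumed flow: the upload handler calls sanitize_svg() on the raw bytes before
storing the file; the download handler applies svg_response_headers() when
serving it. Names are ours; the sample SVGs below are constructed.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that execute script or embed a foreign (HTML) document.
DANGEROUS_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that carry a URL and therefore can carry a javascript: URL.
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
UNSAFE_SCHEME = re.compile(r"^(javascript|vbscript|data):", re.I)


def _local(name: str) -> str:
    """'{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def _unsafe_url(value: str) -> bool:
    # Browsers ignore tab/newline/control characters inside a scheme, so
    # 'java\tscript:' still runs; strip them before matching. Entity-encoded
    # forms (&#106;avascript:) are already decoded by the XML parser. data:
    # is blocked as well; loosen that if embedded raster images are needed.
    return bool(UNSAFE_SCHEME.match(re.sub(r"[\x00-\x20]", "", value)))


def sanitize_svg(data: bytes) -> tuple[bytes, list[str]]:
    """Return (sanitized SVG, findings). Empty findings means nothing was removed.

    Raises ValueError for input that should be rejected rather than cleaned:
    DTD/entity declarations (XXE, entity expansion) or a non-SVG root.
    """
    text = data.decode("utf-8")
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        raise ValueError("DTD or entity declaration in uploaded SVG")
    root = ET.fromstring(data)
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")

    findings: list[str] = []
    # Pass 1: drop whole elements. Iterate over a snapshot because the tree is
    # mutated; already-detached subtrees are harmlessly revisited.
    for parent in list(root.iter()):
        for child in list(parent):
            name = _local(child.tag)
            # <set attributeName="href" to="javascript:..."> rewrites a link at runtime.
            animates_href = name in {"set", "animate"} and child.get(
                "attributeName", ""
            ).lower().endswith("href")
            if name in DANGEROUS_TAGS or animates_href:
                findings.append(f"removed <{name}> element")
                parent.remove(child)
    # Pass 2: strip event handlers and unsafe URLs from what is left (root included).
    for el in root.iter():
        for attr in list(el.attrib):
            aname = _local(attr)
            if aname.lower().startswith("on"):
                findings.append(f"removed {aname} handler on <{_local(el.tag)}>")
                del el.attrib[attr]
            elif attr in URL_ATTRS and _unsafe_url(el.attrib[attr]):
                findings.append(f"removed unsafe {aname} on <{_local(el.tag)}>")
                del el.attrib[attr]

    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return ET.tostring(root, encoding="utf-8", xml_declaration=False), findings


_SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")


def svg_response_headers(filename: str, force_download: bool = True) -> dict[str, str]:
    """Headers for serving a stored SVG from the application origin.

    The CSP has to be on this response, not on the app's HTML pages: a navigated
    SVG is its own document. 'sandbox' gives it an opaque origin, so even a
    script that slipped past sanitizing cannot read the app's cookies or call
    its API; default-src 'none' blocks inline script outright. Attachment
    disposition stops direct navigation from rendering it at all; pass
    force_download=False only where an inline preview is required.
    """
    safe = _SAFE_NAME.sub("_", filename) or "download.svg"
    disposition = "attachment" if force_download else "inline"
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
        "Content-Disposition": f'{disposition}; filename="{safe}"',
    }


# Constructed samples (not taken from the advisory): one file carrying each
# payload class the advisory describes (inline script, event handler) plus
# common variants, and one benign file.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="java&#9;script:alert(1)"><text x="10" y="20">open</text></a>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(2)"/></body></foreignObject>
  <set attributeName="xlink:href" to="javascript:alert(3)"/>
  <circle cx="50" cy="50" r="40" fill="red"/>
</svg>"""
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'

if __name__ == "__main__":
    cleaned, found = sanitize_svg(MALICIOUS_SVG)
    for f in found:
        print("finding:", f)
    print(cleaned.decode())
    print(svg_response_headers("report.svg"))
```

The findings list doubles as the detection signal for recommendation 5: log it with the uploader's identity, and alert when it is non-empty. Rejecting DOCTYPEs with a text check before parsing is deliberate, since the standard-library parser will otherwise expand entities before any sanitizing runs.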


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-11-28T23:33:56.364Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 692e15786dbd3477d748216e

Added to database: 12/1/2025, 10:23:52 PM

Last enriched: 12/8/2025, 11:16:54 PM

Last updated: 1/16/2026, 3:10:24 AM

Views: 51

