CVE-2025-66561: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Syslifters sysreptor
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
AI Analysis
Technical Summary
CVE-2025-66561 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 affecting Syslifters' sysreptor, a customizable pentest reporting platform. The flaw exists in versions prior to 2025.102 and allows authenticated users to upload files containing malicious JavaScript through the web interface. When other authenticated users access the affected pages, the malicious script executes in their browser context, enabling attackers to hijack sessions, steal sensitive data, or perform actions on behalf of the victim user. The vulnerability arises from improper neutralization of input during web page generation, meaning the application fails to sanitize or encode user-supplied content properly before rendering it. Exploitation requires the attacker to have valid credentials and to convince or trick other users into viewing the malicious content, which involves user interaction. The CVSS v3.1 score is 7.3, indicating high severity, with a network attack vector, low attack complexity, privileges required, and user interaction required. The vulnerability impacts confidentiality and integrity but not availability. No public exploits have been reported yet, but the risk remains significant given the nature of the platform and the stored XSS vector. The vendor has addressed the issue in version 2025.102 by implementing proper input sanitization and output encoding to prevent script injection.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive pentest reports and related data managed within sysreptor. Attackers exploiting this flaw could hijack user sessions, steal credentials, or manipulate report contents, potentially leading to unauthorized disclosure of vulnerabilities or internal security assessments. This could undermine trust in security processes and expose organizations to further attacks. Since sysreptor is used in penetration testing workflows, compromised reports could mislead security teams or leak sensitive information about network architectures and vulnerabilities. The requirement for authentication limits exposure to internal or trusted users, but insider threats or compromised accounts increase risk. The absence of known exploits reduces immediate threat but does not eliminate the potential for targeted attacks. Organizations in Europe with active pentesting and cybersecurity operations using sysreptor should consider this a high-priority issue.
Mitigation Recommendations
1. Upgrade sysreptor installations to version 2025.102 or later immediately to apply the official patch that fixes the XSS vulnerability.
2. Restrict access to the sysreptor web UI to trusted and verified users only, employing strong authentication mechanisms such as multi-factor authentication (MFA).
3. Implement strict input validation and output encoding policies on any custom integrations or extensions interacting with sysreptor to prevent injection of malicious scripts.
4. Monitor user activity logs for unusual file uploads or access patterns that could indicate exploitation attempts.
5. Educate users about the risks of interacting with untrusted content within the platform and encourage cautious behavior when reviewing reports or uploaded files.
6. Consider deploying web application firewalls (WAF) with rules targeting XSS payloads as an additional layer of defense.
7. Conduct regular security audits and penetration tests focusing on internal tools like sysreptor to detect and remediate similar vulnerabilities proactively.
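To support the upgrade step, the following added example (not part of the original advisory or of SysReptor) triages an inventory of installations against the fixed release 2025.102. It assumes versions are written as YEAR.COUNTER, as in the advisory; the host names and version strings are constructed sample data. The comparison is done on integer tuples because a float or string comparison would rank a release such as 2025.37 above 2025.102 and wrongly report it as fixed.

```python
import re

# First fixed release according to the advisory.
FIXED = (2025, 102)

# Assumed version shape: YEAR.COUNTER, optionally prefixed with "v".
_VERSION_RE = re.compile(r"^\s*v?(\d{4})\.(\d+)\s*$")


def parse_version(text):
    """Return (year, counter) as ints, or None if the string does not match."""
    match = _VERSION_RE.match(text or "")
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def is_affected(text):
    """True if older than the fixed release, False if fixed, None if unknown."""
    version = parse_version(text)
    if version is None:
        return None
    return version < FIXED


def triage(inventory):
    """Group hosts into affected / fixed / unknown, sorted by host name."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        state = is_affected(version)
        key = "unknown" if state is None else ("affected" if state else "fixed")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "reptor-a.example.internal": "2025.37",   # float compare would call this fixed
    "reptor-b.example.internal": "2025.102",
    "reptor-c.example.internal": "v2024.96",
    "reptor-d.example.internal": "latest",    # unparseable: needs manual check
    "reptor-e.example.internal": "2026.3",
}

if __name__ == "__main__":
    for state, hosts in triage(INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than assumed safe.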
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-04T16:05:22.974Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69320cc6c0111c561635040a
Added to database: 12/4/2025, 10:35:50 PM
Last enriched: 12/12/2025, 12:10:36 AM
Last updated: 1/19/2026, 2:10:34 AM