CVE-2025-67833 is a cross-site scripting (XSS) vulnerability identified in Paessler PRTG Network Monitor prior to version 25.4.114. The vulnerability arises from insufficient sanitization of the 'tag' parameter, which is accessible without authentication. An attacker can craft a malicious URL containing a specially crafted 'tag' parameter that, when visited by a legitimate user, executes arbitrary JavaScript in the context of the victim's browser session. This can lead to theft of session cookies, unauthorized actions performed on behalf of the user, or redirection to malicious sites. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1, reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction, and a scope change with partial impact on confidentiality and integrity but no impact on availability. No patches are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability affects all versions before 25.4.114, though exact affected versions are not specified. Given PRTG's role in network monitoring, exploitation could undermine trust in monitoring data or facilitate further attacks within the network.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of monitoring data and user sessions within PRTG Network Monitor environments. Successful exploitation could allow attackers to hijack sessions of network administrators or users with access to the monitoring dashboard, potentially enabling unauthorized viewing or manipulation of network status information. This could lead to delayed detection of network issues or misinformed operational decisions. While availability is not directly impacted, the indirect effects on network security posture could be significant, especially in critical infrastructure sectors such as energy, finance, and telecommunications. The requirement for user interaction limits mass exploitation but targeted phishing campaigns could be effective. Organizations relying heavily on PRTG for real-time monitoring should be particularly vigilant, as compromised monitoring tools can serve as a foothold for lateral movement within internal networks.

European organizations should immediately verify their PRTG Network Monitor version and plan to upgrade to version 25.4.114 or later once available. In the absence of an official patch, implement strict input validation and sanitization on the 'tag' parameter if custom integrations or proxies are used. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the PRTG interface. Educate users, especially network administrators, about the risks of clicking on suspicious links and implement email filtering to reduce phishing attempts. Monitor web server logs and application logs for unusual requests containing suspicious 'tag' parameter values. Consider isolating the PRTG interface behind VPNs or access control lists to limit exposure to unauthenticated external users. Regularly review and update incident response plans to include scenarios involving web interface compromises.