CVE-2025-67875: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ChurchCRM CRM
ChurchCRM is an open-source church management system. A privilege escalation vulnerability exists in ChurchCRM prior to version 6.5.3. An authenticated user with specific mid-level permissions ("Edit Records" and "Manage Properties and Classifications") can inject a persistent Cross-Site Scripting (XSS) payload into an administrator's profile. The payload executes when the administrator views their own profile page, allowing the attacker to hijack the administrator's session, perform administrative actions, and achieve a full account takeover. This vulnerability is a combination of two separate flaws: an Insecure Direct Object Reference (IDOR) that allows any user to view any other user's profile, and a Broken Access Control vulnerability that allows a user with general edit permissions to modify any other user's record properties. Version 6.5.3 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-67875 is a critical security vulnerability affecting ChurchCRM, an open-source church management system, in versions prior to 6.5.3. The vulnerability arises from improper neutralization of input during web page generation, classified as CWE-79 (Cross-Site Scripting). Specifically, an authenticated user with mid-level permissions — namely 'Edit Records' and 'Manage Properties and Classifications' — can exploit two underlying flaws: an Insecure Direct Object Reference (IDOR) that permits viewing any user's profile, and Broken Access Control that allows modification of any user's record properties. By leveraging these, the attacker injects a persistent XSS payload into an administrator's profile. When the administrator subsequently views their profile page, the malicious script executes in their browser context, enabling session hijacking and unauthorized administrative actions, culminating in full account takeover. The vulnerability is remotely exploitable over the network without requiring elevated privileges beyond the specified mid-level permissions and requires only that the administrator views their profile page (user interaction). The CVSS 4.0 base score is 8.5, reflecting high severity due to the potential for complete administrative compromise and system control. No known exploits are currently reported in the wild. The issue is resolved in ChurchCRM version 6.5.3, which implements proper input validation and access control mechanisms to prevent unauthorized profile viewing and modification.
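As an added illustration that is not ChurchCRM's code, the following Python sketch models the two server-side controls the advisory says were missing before 6.5.3: a per-record authorization decision made on the acting user and the target record (rather than on a guessable record id or a general edit permission), and HTML output encoding when a profile page renders stored property values. The `User`, `Person` and `may_access` names and the permission strings are hypothetical.

```python
from dataclasses import dataclass, field
from html import escape

# Constructed model of the two controls the advisory says were missing before
# ChurchCRM 6.5.3: a server-side ownership/role check before a user record's
# properties can be read or changed, and HTML output encoding when the profile
# page renders stored property values. Names are hypothetical, not ChurchCRM's.

class Forbidden(Exception):
    pass

@dataclass
class User:
    id: int
    is_admin: bool = False
    permissions: frozenset = frozenset()  # e.g. {"EditRecords", "ManageProperties"}

@dataclass
class Person:
    id: int
    properties: dict = field(default_factory=dict)  # property name -> stored value

def may_access(actor: User, target: Person, write: bool) -> bool:
    # Decide on the actor/target pair, not on the target id being guessable
    # (the IDOR) or on the actor holding a general edit permission (the broken
    # access control): non-admins reach only their own record.
    if actor.is_admin:
        return True
    if actor.id != target.id:
        return False
    return (not write) or {"EditRecords", "ManageProperties"} <= actor.permissions

def set_property(actor: User, target: Person, name: str, value: str) -> None:
    # Raw text is stored; neutralization happens at output time.
    if not may_access(actor, target, write=True):
        raise Forbidden(f"user {actor.id} may not edit record {target.id}")
    target.properties[name] = value

def render_profile(actor: User, target: Person) -> str:
    # Every stored value is HTML-escaped, so markup can only come from the template.
    if not may_access(actor, target, write=False):
        raise Forbidden(f"user {actor.id} may not view record {target.id}")
    rows = "".join(f"<tr><td>{escape(k)}</td><td>{escape(v)}</td></tr>"
                   for k, v in target.properties.items())
    return f"<table>{rows}</table>"
```

Either control on its own closes the reported chain: the authorization check stops a mid-level user from writing into the administrator's record, and the output encoding makes any stored markup inert even if a write slips through.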
Potential Impact
For European organizations using ChurchCRM, this vulnerability poses a significant risk of administrative account compromise, which can lead to unauthorized access to sensitive church member data, manipulation of records, and potential disruption of church operations. Given that ChurchCRM manages personal and organizational data, exploitation could result in confidentiality breaches, data integrity violations, and availability impacts if attackers modify or delete critical information. The ability to hijack administrator sessions and perform administrative actions could also facilitate further lateral movement or persistence within the organization's IT environment. The impact is particularly critical for organizations relying heavily on ChurchCRM for member management and communication, as trust and privacy are paramount. Additionally, regulatory compliance risks under GDPR arise if personal data is exposed or mishandled due to this vulnerability.
Mitigation Recommendations
European organizations should immediately upgrade ChurchCRM installations to version 6.5.3 or later, where the vulnerability is patched. Until the update is applied, restrict mid-level permissions ('Edit Records' and 'Manage Properties and Classifications') to only trusted users and audit existing user roles to minimize exposure. Implement web application firewalls (WAFs) with rules to detect and block XSS payloads targeting profile pages. Conduct regular monitoring of administrator account activities for anomalies indicating possible compromise. Educate administrators to be cautious when viewing profiles and report suspicious behavior. Additionally, apply strict Content Security Policy (CSP) headers to limit script execution contexts and reduce XSS impact. Finally, perform periodic security assessments of ChurchCRM deployments to identify and remediate any residual access control weaknesses.
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-12T18:53:03.237Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69431f35fab815a9fc1ded21
Added to database: 12/17/2025, 9:23:01 PM
Last enriched: 12/17/2025, 9:37:18 PM
Last updated: 12/18/2025, 3:07:08 AM