CVE-2025-67984 is a DOM-based Cross-site Scripting (XSS) vulnerability identified in calliko's NPS computy product, affecting versions up to and including 2.8.2. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious actors to inject and execute arbitrary JavaScript code within the victim's browser context. Unlike reflected or stored XSS, DOM-based XSS occurs entirely on the client side, exploiting the way the web application processes data in the Document Object Model (DOM). This type of vulnerability can be particularly insidious because it may bypass traditional server-side input validation and filtering mechanisms. The CVSS 3.1 base score of 7.1 indicates a high-severity issue, with attack vector being network-based (remote), low attack complexity, no privileges required, but requiring user interaction. The scope is changed, meaning the vulnerability can affect components beyond the initially vulnerable module. The impact includes partial loss of confidentiality, integrity, and availability, as attackers can steal sensitive data, manipulate client-side logic, or disrupt user sessions. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to organizations relying on NPS computy for network performance monitoring and analysis. The lack of available patches at the time of publication necessitates immediate attention to mitigation strategies.

The exploitation of this DOM-based XSS vulnerability can have serious consequences for organizations worldwide. Attackers can execute arbitrary scripts in the context of authenticated users, potentially stealing session tokens, credentials, or sensitive information displayed by the application. This can lead to unauthorized access, data leakage, and further compromise of internal systems. Additionally, attackers might manipulate the client-side logic to perform unauthorized actions or disrupt normal operations, impacting availability. Since NPS computy is used for network performance monitoring, a compromised instance could lead to inaccurate monitoring data, affecting decision-making and network reliability. The requirement for user interaction means phishing or social engineering tactics could be employed to trigger the exploit. The vulnerability's presence in a network monitoring tool increases the risk profile, as attackers gaining foothold here could pivot to other critical infrastructure components. Organizations with large deployments of NPS computy or those in sectors relying heavily on network performance data are particularly vulnerable.

1. Immediate mitigation should focus on implementing strict client-side input validation and sanitization to prevent malicious script injection. 2. Deploy a robust Content Security Policy (CSP) that restricts the execution of untrusted scripts and limits sources of executable code. 3. Educate users to recognize and avoid phishing attempts or suspicious links that could trigger the XSS payload. 4. Monitor web application logs and client-side behavior for unusual activities indicative of exploitation attempts. 5. Segregate and limit access to NPS computy interfaces to trusted networks and users to reduce exposure. 6. Once available, promptly apply official patches or updates from calliko addressing this vulnerability. 7. Consider using web application firewalls (WAFs) with rules tailored to detect and block DOM-based XSS attacks. 8. Conduct regular security assessments and penetration testing focusing on client-side vulnerabilities. 9. Review and harden the application's JavaScript code to avoid unsafe DOM manipulations and use secure coding practices. 10. Maintain an incident response plan that includes procedures for XSS attack detection and remediation.