CVE-2025-68399: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ChurchCRM CRM
ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to work, the user must have permission to view and modify groups in the application. Version 6.5.4 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-68399 identifies a stored Cross-Site Scripting (XSS) vulnerability in ChurchCRM, an open-source church management system used to manage congregational data. The vulnerability exists in versions prior to 6.5.4 within the GroupEditor.php page, where the application fails to neutralize user input during web page generation. Specifically, when a user with permission to view and modify groups creates a group role, they can inject JavaScript that is stored and later executed in the browsers of other users who view the affected page. This stored XSS flaw arises from missing input sanitization and output encoding and is categorized under CWE-79. The CVSS 4.0 base score is 2.0, reflecting low severity: exploitation requires authenticated privileges (PR:L), the user interaction metric is passive (UI:P, a victim only has to view the page), and the impact on confidentiality, integrity, and availability is limited. The vulnerability does not by itself allow privilege escalation or direct data exfiltration but could be leveraged for session hijacking or defacement. No known exploits have been reported in the wild, and the vendor addressed the issue in ChurchCRM version 6.5.4 by implementing proper input validation and output encoding. Organizations running affected versions should prioritize upgrading to eliminate this risk.
Potential Impact
For European organizations using ChurchCRM, this vulnerability poses a limited but tangible risk. The primary impact is the potential execution of malicious scripts within the browser of users who have access to the group management interface, which could lead to session hijacking, unauthorized actions performed on behalf of users, or defacement of the application interface. However, the requirement that an attacker must have permissions to modify groups restricts exploitation to trusted insiders or compromised accounts. The low CVSS score reflects the limited scope and impact. Nevertheless, organizations with sensitive church management data or those subject to strict data protection regulations (e.g., GDPR) should consider the risk of unauthorized access or manipulation of user sessions as a compliance concern. The vulnerability could also be used as a foothold for further attacks if combined with other vulnerabilities or social engineering. The absence of known exploits reduces immediate risk but does not eliminate the need for remediation.
Mitigation Recommendations
The primary mitigation is to upgrade ChurchCRM to version 6.5.4 or later, where the vulnerability is patched. Organizations should implement strict access controls to limit the number of users who have permissions to view and modify groups, reducing the attack surface. Conduct regular audits of user roles and permissions to ensure that only necessary personnel have elevated privileges. Employ web application firewalls (WAFs) with rules to detect and block common XSS payloads targeting the GroupEditor.php endpoint. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the application context. Educate administrators and users with elevated privileges about the risks of XSS and safe handling of input fields. Finally, monitor logs for suspicious activity related to group role creation or modification to detect potential exploitation attempts.
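As an added illustration (not ChurchCRM's own code; the actual GroupEditor.php change in 6.5.4 is not reproduced here), the snippet below shows the raw-echo pattern that turns a stored group role name into a stored XSS, the encode-on-output fix, and a CSP header as the defence in depth recommended above. The function names and the sample role row are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern: the stored role name is placed into the HTML with no
// encoding, so any markup the role's author typed is parsed by every viewer.
function renderRoleRowUnsafe(array $role): string
{
    return '<tr><td>' . $role['name'] . '</td>'
         . '<td><input name="roleName" value="' . $role['name'] . '"></td></tr>';
}

// Hardened pattern: encode at the point of output, both for the text node and
// for the attribute value. ENT_QUOTES covers single and double quotes,
// ENT_SUBSTITUTE keeps malformed UTF-8 from silently emptying the string, and
// the charset is passed explicitly rather than relying on the default.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderRoleRowSafe(array $role): string
{
    return '<tr><td>' . h($role['name']) . '</td>'
         . '<td><input name="roleName" value="' . h($role['name']) . '"></td></tr>';
}

// Defence in depth: a policy that disallows inline script, so a single missed
// encoding elsewhere in the app cannot run user-supplied inline code.
// Must be sent before any page output.
function sendCspHeader(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'");
}

// Constructed sample row (hypothetical, not from a real ChurchCRM database).
// The quotes and angle brackets show why both contexts need encoding.
$role = ['id' => 7, 'name' => 'Greeter "<team lead>"'];

sendCspHeader();
// Unsafe: the quotes terminate the value attribute and <team lead> becomes a tag.
echo renderRoleRowUnsafe($role), PHP_EOL;
// Safe: the name is shown literally as Greeter &quot;&lt;team lead&gt;&quot;.
echo renderRoleRowSafe($role), PHP_EOL;
```

Before deploying a script-src 'self' policy, confirm that the application's own pages do not depend on inline scripts, since such a policy blocks them too; CSP limits the blast radius of an encoding miss but does not replace the output-encoding fix.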
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-16T21:59:48.534Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6943260ffab815a9fc251853
Added to database: 12/17/2025, 9:52:15 PM
Last enriched: 12/17/2025, 10:07:52 PM
Last updated: 12/18/2025, 7:22:32 AM