CVE-2025-68401 is a stored cross-site scripting (XSS) vulnerability identified in ChurchCRM, an open-source church management system. The flaw exists in versions prior to 6.0.0 due to improper neutralization of user-supplied input during web page generation (CWE-79). Specifically, the application stores HTML and JavaScript content submitted by users without sufficient sanitization or encoding. When other users access pages containing this malicious content, the embedded scripts execute within their browsers under the same origin policy as the application. This enables attackers to perform actions on behalf of victims, access sensitive web origin data, and potentially hijack sessions if cookies are not marked HttpOnly. The vulnerability requires no authentication but does require user interaction (viewing the malicious content). The CVSS 4.0 vector indicates a network attack vector, low attack complexity, no privileges required, user interaction needed, and high scope impact. Although no known exploits are reported in the wild, the risk of session theft and account compromise is significant, especially in environments where session cookie security is lax. The issue is resolved in ChurchCRM version 6.0.0, which implements proper input sanitization and encoding to prevent script injection.

For European organizations using ChurchCRM, this vulnerability poses risks including unauthorized access to user accounts, data leakage, and potential manipulation of CRM data through hijacked sessions. Given that ChurchCRM manages sensitive church and community data, exploitation could lead to privacy violations and reputational damage. The ability to execute arbitrary JavaScript in users' browsers can also facilitate phishing, malware delivery, or lateral movement within the organization's network. The impact is heightened in environments where session cookies are not secured with HttpOnly flags, increasing the likelihood of session theft and account takeover. Although no active exploits are known, the medium severity rating and ease of exploitation via user interaction necessitate prompt remediation to protect confidentiality and integrity of organizational data.

European organizations should immediately upgrade ChurchCRM installations to version 6.0.0 or later, which contains the necessary patches to sanitize and encode user input properly. Additionally, administrators should enforce secure cookie attributes, including HttpOnly and Secure flags, to prevent client-side script access to session cookies. Implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts and reduce XSS impact. Conduct regular security audits and input validation reviews on all user-generated content fields. Educate users to recognize suspicious content and avoid interacting with untrusted inputs. Where possible, isolate ChurchCRM instances behind web application firewalls (WAFs) configured to detect and block XSS payloads. Finally, monitor logs for unusual activity indicative of exploitation attempts.