CVE-2025-70792 is a reflected Cross Site Scripting (XSS) vulnerability identified in Microweber version 2.0.19, specifically within the /admin/category/create endpoint. The vulnerability arises from improper sanitization or validation of the 'rel_id' parameter in HTTP requests. An attacker can craft a malicious URL embedding JavaScript payloads in the 'rel_id' parameter and trick an administrator into visiting this URL. Upon visiting, the malicious script executes in the context of the admin's browser session, allowing the attacker to perform actions such as stealing session cookies, performing unauthorized actions on behalf of the admin, or delivering further malware. This type of XSS is particularly dangerous because it requires only that an admin user be lured into clicking a link, without needing to authenticate or perform additional actions. The vulnerability was responsibly disclosed and addressed in Microweber version 2.0.20, which includes proper input validation and output encoding to prevent script injection. No public exploits have been reported, but the vulnerability remains critical due to the high privileges of the targeted user and the potential for significant compromise of the CMS and associated web assets.

For European organizations using Microweber CMS version 2.0.19 or earlier, this vulnerability poses a significant risk to the confidentiality and integrity of their web administration interfaces. Successful exploitation could lead to session hijacking of admin accounts, unauthorized content modification, defacement, or deployment of malicious scripts to site visitors. This could damage organizational reputation, lead to data breaches, or facilitate further attacks within the network. Given that the attack vector involves social engineering (luring an admin to click a malicious link), organizations with less mature security awareness programs are at higher risk. The availability impact is generally low unless attackers use the access to disrupt services. However, the breach of admin privileges can have cascading effects on the security posture of affected organizations. The threat is especially relevant for European entities in sectors with high reliance on web presence and content management, such as media, e-commerce, and public sector websites.

Organizations should immediately upgrade Microweber installations to version 2.0.20 or later, where the vulnerability is patched. Until upgrades are completed, administrators should be trained to recognize and avoid suspicious links, especially those targeting admin interfaces. Implementing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Web Application Firewalls (WAFs) should be configured to detect and block malicious payloads targeting the 'rel_id' parameter or suspicious URL patterns. Regular security awareness training focusing on phishing and social engineering can reduce the likelihood of successful exploitation. Additionally, monitoring admin account activity for anomalies and enforcing multi-factor authentication (MFA) for admin access can limit damage if credentials are compromised. Finally, organizations should audit their Microweber instances for signs of compromise and review logs for suspicious activity related to this endpoint.