CVE-2025-70849: n/a
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).
AI Analysis
Technical Summary
CVE-2025-70849 is a security vulnerability identified in the podinfo application up to version 6.9.0. The flaw allows unauthenticated attackers to upload arbitrary files by sending specially crafted POST requests to the /store endpoint. Podinfo fails to enforce adequate Content-Type validation on uploaded files and does not implement a restrictive Content-Security-Policy (CSP). This combination enables attackers to store malicious scripts that are later rendered and executed in the context of users' browsers, resulting in a stored cross-site scripting (XSS) attack. Stored XSS can lead to session hijacking, credential theft, unauthorized actions on behalf of users, and potential pivoting within the affected environment. The vulnerability does not require authentication or user interaction, making it easier to exploit remotely. Although no public exploits have been reported yet, the vulnerability is publicly disclosed and documented in the CVE database. The lack of a CVSS score means severity must be assessed based on the impact on confidentiality, integrity, and availability, ease of exploitation, and scope. Podinfo is commonly used in cloud-native and microservices environments, often in European organizations adopting modern DevOps practices, increasing the relevance of this vulnerability in those contexts.
Potential Impact
For European organizations, exploitation of CVE-2025-70849 could lead to significant security incidents including unauthorized access to user sessions, data leakage, and potential compromise of internal systems if attackers leverage the XSS to escalate privileges or move laterally. Organizations using podinfo in production or development environments risk reputational damage, regulatory penalties under GDPR if personal data is compromised, and operational disruptions. The vulnerability's ability to be exploited without authentication or user interaction increases the attack surface and likelihood of successful attacks. Additionally, stored XSS can be used to deliver further malware or phishing attacks targeting European users. The impact is particularly critical for sectors handling sensitive data such as finance, healthcare, and government services within Europe.
Mitigation Recommendations
1. Immediately monitor for updates or patches from the podinfo maintainers and apply them as soon as they become available.
2. Implement strict Content-Security-Policy (CSP) headers to restrict the execution of untrusted scripts and reduce the impact of stored XSS.
3. Enforce rigorous Content-Type validation on all uploaded files to ensure only expected file types are accepted.
4. Restrict file upload permissions to authenticated and authorized users where possible, even though the vulnerability allows unauthenticated uploads.
5. Conduct regular security audits and penetration testing focusing on file upload functionalities.
6. Employ web application firewalls (WAFs) with rules designed to detect and block malicious payloads targeting the /store endpoint.
7. Educate developers and DevOps teams on secure coding and configuration practices related to file uploads and CSP implementation.
8. Monitor logs and network traffic for unusual POST requests to the /store endpoint to detect potential exploitation attempts early.
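As an added example (not podinfo's code or a patch from its maintainers), a Go wrapper that applies recommendations 2 and 3 in front of an existing /store handler: uploads whose declared Content-Type is not on an allowlist are refused, and every response carries X-Content-Type-Options: nosniff plus a CSP that forbids script execution. The allowlist, the 1 MiB cap and the memStore stand-in are assumptions, not podinfo's real behaviour.

```go
package main

import (
	"io"
	"mime"
	"net/http"
	"sync"
)

// Constructed allowlist: text/html, image/svg+xml and other types a browser renders as a document are absent on purpose.
var allowedTypes = map[string]bool{"application/json": true, "text/plain": true}

// validateContentType parses the header (parameters such as charset are dropped) and accepts only allowlisted types.
func validateContentType(header string) (string, bool) {
	mt, _, err := mime.ParseMediaType(header)
	return mt, err == nil && allowedTypes[mt]
}

// hardenStore wraps an existing /store handler: uploads must declare an allowlisted type, and every response carries nosniff plus a no-script CSP.
func hardenStore(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Content-Security-Policy", "default-src 'none'; sandbox")
		if r.Method == http.MethodPost {
			if _, ok := validateContentType(r.Header.Get("Content-Type")); !ok {
				http.Error(w, "unsupported media type", http.StatusUnsupportedMediaType)
				return
			}
			r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // constructed 1 MiB cap on uploads
		}
		next.ServeHTTP(w, r)
	})
}
// memStore is a minimal stand-in for the real endpoint (not podinfo's code): POST keeps the body, GET returns it as inert text.
type memStore struct{ mu sync.Mutex; last []byte }
func (s *memStore) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if r.Method == http.MethodPost {
		if body, err := io.ReadAll(r.Body); err == nil {
			s.last = body
			w.WriteHeader(http.StatusCreated)
		} else { // the wrapper's MaxBytesReader surfaces oversized uploads here
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
		}
		return
	}
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Write(s.last)
}
```

Refusing the upload is the primary fix; nosniff together with a non-HTML Content-Type on retrieval is what stops a browser from rendering stored content as a document, and the CSP is defence in depth for anything that still gets rendered.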
Affected Countries
Germany, Netherlands, United Kingdom, France, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6982fcd6f9fa50a62f766384
Added to database: 2/4/2026, 8:01:26 AM
Last enriched: 2/4/2026, 8:15:58 AM
Last updated: 2/7/2026, 12:01:18 AM