CVE-2025-7392: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Cookies Addons

Medium
Published: Mon Jul 21 2025 (07/21/2025, 16:36:04 UTC)
Source: CVE Database V5
Vendor/Project: Drupal
Product: Cookies Addons

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS). This issue affects Cookies Addons: from 1.0.0 before 1.2.4.

AI-Powered Analysis

Last updated: 07/29/2025, 01:25:21 UTC

Technical Analysis

CVE-2025-7392 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Drupal Cookies Addons module versions from 1.0.0 up to but not including 1.2.4. This vulnerability arises due to improper neutralization of input during web page generation, specifically in how the Cookies Addons module processes user-supplied input. An attacker can exploit this flaw by injecting malicious scripts into web pages generated by the vulnerable module, which are then executed in the context of users' browsers. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be performed remotely over the network without privileges or authentication but requires user interaction (e.g., clicking a crafted link). The scope is changed, meaning the vulnerability affects resources beyond the vulnerable component itself. The impact affects confidentiality and integrity to a limited extent but does not impact availability. No known exploits are currently reported in the wild, and no patches are linked yet, suggesting that the vulnerability is newly disclosed. The Drupal Cookies Addons module is used to manage cookie-related functionalities in Drupal-based websites, which are widely deployed across various sectors. The vulnerability could allow attackers to steal session cookies, perform actions on behalf of users, or conduct phishing attacks by injecting malicious scripts, thereby compromising user data and trust.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on Drupal-based websites that utilize the Cookies Addons module. Given Drupal's popularity in government, education, and enterprise sectors across Europe, exploitation could lead to unauthorized access to sensitive user information, session hijacking, and potential defacement or manipulation of web content. This can result in reputational damage, legal liabilities under GDPR due to data breaches, and operational disruptions. Since the vulnerability requires user interaction, phishing campaigns targeting European users could be an effective attack vector. The confidentiality and integrity of user data are at risk, which is critical for sectors handling personal or financial information. Although availability is not directly impacted, the indirect effects of compromised trust and potential regulatory fines could be substantial.

Mitigation Recommendations

European organizations should immediately audit their Drupal installations to identify the presence of the Cookies Addons module and verify the version in use. Upgrading to version 1.2.4 or later, once available, is essential to remediate the vulnerability. In the interim, organizations should implement strict Content Security Policies (CSP) to restrict script execution and reduce XSS risks. Input validation and output encoding should be reviewed and enhanced in custom modules or themes interacting with Cookies Addons. Web Application Firewalls (WAFs) can be configured to detect and block typical XSS attack patterns targeting this module. User awareness training should emphasize caution with unsolicited links or inputs to mitigate the user interaction requirement. Additionally, monitoring web logs for unusual requests or script injections can help detect exploitation attempts early. Organizations should also subscribe to Drupal security advisories to receive timely updates and patches.

Technical Details

Data Version: 5.1
Assigner Short Name: drupal
Date Reserved: 2025-07-09T16:03:34.228Z
CVSS Version: null
State: PUBLISHED

Threat ID: 687e7252a83201eaac11c50a

Added to database: 7/21/2025, 5:01:06 PM

Last enriched: 7/29/2025, 1:25:21 AM

Last updated: 8/12/2025, 10:52:24 PM
