CVE-2025-7672 is a vulnerability identified in JiranSoft's CrossEditor4 software versions from 4.0.0.01 up to but not including 4.6.0.23. The flaw arises due to improper neutralization of input during web page generation, specifically classified under CWE-79 (Cross-site Scripting) and CWE-276 (Incorrect Default Permissions). This vulnerability is a Stored Cross-site Scripting (XSS) issue, meaning that malicious input can be persistently stored by the application and later executed in the context of users' browsers when they access affected pages. The root cause is an improper default setting in the API modules of CrossEditor4 across Windows, Linux, and Unix platforms, which fails to sanitize or encode user-supplied input correctly before rendering it in web pages. This allows attackers to inject malicious scripts that execute in the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed with the victim's privileges. The CVSS 4.0 base score is 2.3, indicating a low severity level, primarily because exploitation requires user interaction and the impact on confidentiality is limited. The vulnerability does not affect system integrity or availability, and no known exploits are currently reported in the wild. However, the presence of this vulnerability in a widely used document editing or collaboration tool like CrossEditor4 could be leveraged in targeted phishing or social engineering campaigns to compromise users within organizations.

For European organizations using JiranSoft CrossEditor4, this vulnerability could lead to targeted attacks where malicious actors inject scripts that execute in the browsers of employees or collaborators. While the direct technical impact is low, the exploitation could facilitate theft of session tokens, unauthorized access to sensitive documents, or lateral movement within the network if combined with other vulnerabilities or poor security controls. Organizations in sectors with high document collaboration needs—such as finance, legal, government, and research institutions—may be more at risk. The cross-platform nature of the vulnerability (Windows, Linux, Unix) increases the attack surface. Given the low CVSS score and lack of known exploits, the immediate risk is limited, but the vulnerability could be exploited in spear-phishing campaigns or insider threat scenarios, potentially leading to data leakage or reputational damage.

1. Upgrade CrossEditor4 to version 4.6.0.23 or later, where this vulnerability is addressed. 2. If immediate upgrade is not possible, implement strict input validation and output encoding on all user inputs processed by CrossEditor4, especially in API modules. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing CrossEditor4. 4. Conduct regular security awareness training to help users recognize and avoid phishing attempts that could exploit this vulnerability. 5. Monitor web application logs for unusual input patterns or script injection attempts. 6. Limit user privileges within CrossEditor4 to reduce the impact of potential script execution. 7. Use web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting CrossEditor4 endpoints. 8. Review and harden default permission settings related to CrossEditor4 API modules to prevent unauthorized access or misuse.