CVE-2025-7729: Cross Site Scripting in Scada-LTS
A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
AI Analysis
Technical Summary
CVE-2025-7729 is a cross-site scripting (XSS) vulnerability in Scada-LTS versions up to 2.7.8.1, located in the usersProfiles.shtm file. It arises from improper sanitization of the 'Username' parameter, which allows an attacker to inject malicious scripts. The CVSS 4.0 base score is 5.1, indicating medium severity: the attack vector is network-based with low attack complexity and no privileges required, so the flaw can be exploited remotely without authentication, but user interaction is needed to trigger the malicious payload. The impact on confidentiality and integrity is low, with no direct impact on availability or system control. The vulnerability has been publicly disclosed, which increases the risk of exploitation, although no known exploits are currently observed in the wild. The vendor has acknowledged the issue and plans to address it in the upcoming 2.8.0 release. Because Scada-LTS is an open-source SCADA system used for industrial control and monitoring, this vulnerability could allow attackers to execute scripts in the context of legitimate users, potentially leading to session hijacking, credential theft, or manipulation of user interface elements, which could indirectly affect operational decisions or data integrity within industrial environments.
Potential Impact
For European organizations, especially those operating critical infrastructure or industrial control systems using Scada-LTS, this vulnerability poses a risk of unauthorized script execution that could compromise user sessions or manipulate displayed data. While the direct impact on system availability or control is limited, the ability to execute scripts can facilitate phishing, credential theft, or lateral movement within networks. This is particularly concerning for sectors such as energy, manufacturing, water management, and transportation, where SCADA systems are integral. The medium severity suggests that while immediate catastrophic failure is unlikely, persistent exploitation could degrade trust in system data and user authentication mechanisms, potentially leading to operational disruptions or compliance issues under European cybersecurity regulations like NIS2. The remote exploitability without authentication increases the attack surface, especially if exposed to the internet or insufficiently segmented networks.
Mitigation Recommendations
Organizations should prioritize upgrading to Scada-LTS version 2.8.0 once released, as it will contain the official patch for this vulnerability. In the interim, implement strict input validation and output encoding on the 'Username' parameter at the application or web server level to prevent script injection. Employ web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting the usersProfiles.shtm endpoint. Restrict network exposure of Scada-LTS interfaces by enforcing network segmentation and limiting access to trusted IP ranges only. Conduct user awareness training to recognize and avoid phishing attempts that could leverage this vulnerability. Regularly monitor logs for suspicious activities related to user profile modifications or unusual script executions. Additionally, consider deploying Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks by restricting the sources of executable scripts.
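The log-monitoring and WAF recommendations above can be prototyped as a small access-log check. This is an added example, not Scada-LTS or vendor code. It assumes the Username value is visible in the request query string, and the log format, URL prefix, IP addresses and marker values are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "usersProfiles.shtm"  # file named in the advisory
PARAM = "username"               # argument named in the advisory, matched case-insensitively
# Characters and tokens that let a value leave an HTML text or attribute context.
MARKUP = re.compile(r"[<>\"'`]|&#|javascript:", re.I)
# Minimal combined-log-format matcher: client IP, request target, status code.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so that %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_username(value):
    """True when a Username value carries markup once fully decoded."""
    return bool(MARKUP.search(fully_decode(value)))

def scan(lines):
    """Return (client_ip, decoded_value) for each flagged request to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM and suspicious_username(value):
                hits.append((ip, fully_decode(value)))
    return hits

# Constructed sample lines: documentation IP ranges and a harmless <b> marker.
SAMPLE = [
    '192.0.2.10 - - [17/Jul/2025:02:16:12 +0000] "GET /Scada-LTS/usersProfiles.shtm?Username=operator1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2025:02:17:40 +0000] "GET /Scada-LTS/usersProfiles.shtm?Username=%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [17/Jul/2025:02:18:02 +0000] "GET /Scada-LTS/usersProfiles.shtm?username=%253Cb%253Emarker HTTP/1.1" 200 5190',
    '203.0.113.5 - - [17/Jul/2025:02:19:30 +0000] "GET /Scada-LTS/watch_list.shtm?Username=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Access logs do not record POST bodies, so if the value is submitted in a form body the same suspicious_username check has to run where the body is visible, such as a reverse proxy or WAF. The character set also flags legitimate names containing an apostrophe, so tune it to the local naming policy.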
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-16T20:29:45.778Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68785ceca83201eaace0cbdc
Added to database: 7/17/2025, 2:16:12 AM
Last enriched: 7/25/2025, 12:58:15 AM
Last updated: 10/16/2025, 1:39:58 AM