
CVE-2025-7761: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Akcess-Net Lepszy BIP

Severity: Medium
Tags: Vulnerability, CVE-2025-7761, CWE-79
Published: Thu Aug 14 2025 (08/14/2025, 10:01:38 UTC)
Source: CVE Database V5
Vendor/Project: Akcess-Net
Product: Lepszy BIP

Description

Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation of one of the parameters of the index.php form allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable.

AI-Powered Analysis

Last updated: 08/14/2025, 10:32:58 UTC

Technical Analysis

CVE-2025-7761 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Akcess-Net product Lepszy BIP, affecting a parameter of the index.php form. The vulnerability arises from improper neutralization of input during web page generation (CWE-79): an attacker can craft a URL containing arbitrary JavaScript, and when a victim opens that URL the injected script executes in the victim's browser context. This can lead to session hijacking, credential theft, defacement, or redirection to malicious sites. The vulnerability requires no authentication and can be exploited remotely over the network with low attack complexity. The vendor was notified but has not responded or provided a patch, and potentially all versions of Lepszy BIP are affected. The CVSS v4.0 base score is 5.1 (medium severity), reflecting a network attack vector, no privileges required, user interaction limited to opening a malicious link, and an impact confined to the vulnerable web application. No exploits are currently reported in the wild. The vulnerability matters because Lepszy BIP is used for public information bulletin systems, which may carry sensitive or official information, so the integrity and trustworthiness of the displayed content is critical.

Potential Impact

For European organizations, particularly public sector entities using Lepszy BIP to disseminate official information, this vulnerability threatens the confidentiality and integrity of user sessions and data. Attackers could exploit the XSS flaw to steal cookies or tokens, impersonate users, or manipulate displayed content, undermining public trust and potentially enabling misinformation or phishing attacks against citizens or employees. Because the XSS is reflected, attacks depend on social engineering (for example, convincing users to click malicious links), which can be effective in targeted campaigns. A compromised browser could also serve as a pivot point for further attacks within an organization's network. Given the absence of a vendor response or patch, affected organizations face prolonged exposure, and the risk of exploitation grows over time.

Mitigation Recommendations

Organizations should implement immediate compensating controls, such as deploying Web Application Firewalls (WAFs) with rules that detect and block malicious input patterns targeting the vulnerable parameter in index.php. Input validation and output encoding should be enforced at the application layer to neutralize user-supplied data, ideally by modifying the source code so that inputs are properly encoded before rendering. If source code modification is not feasible, a Content Security Policy (CSP) can restrict the contexts in which scripts execute and reduce the impact of injected scripts. User awareness campaigns should educate users about the risks of clicking suspicious links. Monitoring web server logs for unusual query parameters and anomalous traffic patterns can help detect attempted exploitation. Finally, organizations should engage with the vendor or consider migrating to an alternative solution if no patch is forthcoming.
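As an added example, not taken from the advisory or the vendor, the log-monitoring recommendation above as a small Python scanner: it parses combined-format access log lines, URL-decodes query parameters of requests to index.php (including double-encoded values), and flags values that contain markup or script fragments. The log lines and the parameter name `q` are constructed, since the advisory does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Aug/2025:10:05:01 +0000] "GET /index.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [14/Aug/2025:10:05:07 +0000] "GET /index.php?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"
203.0.113.12 - - [14/Aug/2025:10:05:09 +0000] "GET /index.php?q=Urz%C4%85d+Gminy HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
203.0.113.13 - - [14/Aug/2025:10:05:12 +0000] "GET /index.php?q=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E HTTP/1.1" 200 5200 "-" "curl/8.0"
203.0.113.14 - - [14/Aug/2025:10:05:15 +0000] "GET /static/logo.png HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Fragments that have no business in a bulletin search/lookup parameter:
# an opening tag, a javascript: URL scheme, or an inline event-handler attribute.
SUSPECT_RE = re.compile(r"<\s*/?[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded values are inspected in clear form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target, path="/index.php"):
    """Return (name, decoded_value) pairs on `path` whose value looks like markup or script."""
    parts = urlsplit(target)
    if parts.path != path:
        return []
    hits = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):  # parse_qsl decodes once
        value = decode_fully(raw)
        if SUSPECT_RE.search(value):
            hits.append((name, value))
    return hits

def scan_log(text):
    """Return one alert per log line that carries a suspicious index.php parameter."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["target"])
        if hits:
            alerts.append({"ip": m["ip"], "ts": m["ts"], "params": hits})
    return alerts

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The decoded values let an analyst confirm a hit by eye; the benign Polish query in the sample shows that non-ASCII input alone does not trigger an alert.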


Technical Details

Data Version: 5.1
Assigner Short Name: CERT-PL
Date Reserved: 2025-07-17T14:06:46.777Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 689db7cfad5a09ad00599b62

Added to database: 8/14/2025, 10:17:51 AM

Last enriched: 8/14/2025, 10:32:58 AM

Last updated: 8/15/2025, 12:34:50 AM
