
CVE-2025-7887: Cross Site Scripting in Zavy86 WikiDocs

Medium
Published: Sun Jul 20 2025 (07/20/2025, 11:44:05 UTC)
Source: CVE Database V5
Vendor/Project: Zavy86
Product: WikiDocs

Description

A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the argument path leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/20/2025, 12:01:28 UTC

Technical Analysis

CVE-2025-7887 is a cross-site scripting (XSS) vulnerability in Zavy86 WikiDocs versions up to 1.0.78. It arises from improper handling of the 'path' argument in the file template.inc.php, which allows an attacker to inject script into pages served by the application. The issue is remotely exploitable without authentication, but user interaction is required: the victim typically has to visit a crafted URL or interact with attacker-supplied content. The CVSS 4.0 base score is 5.3 (medium severity); the attack vector is network-based, with low attack complexity and no privileges required. The vulnerability affects confidentiality and integrity by enabling script execution in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user; availability is not directly impacted. No patches or fixes have been linked yet, and no exploitation in the wild has been reported, but the public disclosure of exploit code increases the risk of exploitation. The affected range, 1.0.0 through 1.0.78, indicates a long-standing issue in the product.

Potential Impact

For European organizations using Zavy86 WikiDocs, this vulnerability poses a significant risk to web application security, especially for those relying on WikiDocs for internal or external documentation. Successful exploitation could lead to unauthorized access to sensitive information, session hijacking, or the spread of malware through injected scripts. This could compromise user credentials and lead to further lateral movement within the network. Organizations in sectors such as government, finance, healthcare, and critical infrastructure, which often use wiki-based documentation platforms, may face reputational damage, regulatory penalties under GDPR for data breaches, and operational disruptions. The remote and unauthenticated nature of the attack vector increases the likelihood of exploitation, particularly if the affected WikiDocs instances are publicly accessible or insufficiently protected. The medium severity rating suggests that while the vulnerability is serious, it may not lead to full system compromise on its own, but it can be a stepping stone for more complex attacks.

Mitigation Recommendations

1. Immediate action should include identifying and inventorying all instances of Zavy86 WikiDocs within the organization to determine exposure.
2. Since no official patches are linked, organizations should implement web application firewall (WAF) rules to detect and block malicious payloads targeting the 'path' parameter.
3. Input validation and output encoding should be enforced at the application level to sanitize user inputs, particularly for the 'path' argument in template.inc.php.
4. Restrict access to WikiDocs instances by IP whitelisting or VPN access to reduce exposure to external attackers.
5. Educate users about the risks of clicking on suspicious links and implement browser security policies such as Content Security Policy (CSP) to mitigate the impact of XSS attacks.
6. Monitor logs for unusual activity related to WikiDocs access and anomalous script execution attempts.
7. Plan for an upgrade or patch deployment as soon as the vendor releases a fix.
8. Consider deploying runtime application self-protection (RASP) solutions to detect and block exploitation attempts in real time.
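The validation-plus-output-encoding control from recommendation 3, as an added PHP illustration that is not WikiDocs' own code: a hypothetical template helper that reflects a 'path' query argument into HTML, shown in the unsafe form the advisory describes and then hardened. The breadcrumb helper, the assumed page-path format and the sample inputs are all assumptions, not details from the advisory.

```php
<?php
// Added illustration, not WikiDocs source. A hypothetical template helper that
// renders the 'path' request argument into HTML: unsafe form first, then a
// hardened form that validates the value and entity-encodes it on output.
declare(strict_types=1);

// UNSAFE: the raw request value is concatenated into markup, so any HTML or
// script in ?path= is reflected into the page unchanged (reflected XSS).
function render_breadcrumb_unsafe(string $path): string
{
    return '<nav class="breadcrumb">' . $path . '</nav>';
}

// Validation: assume a wiki page path is slash-separated segments made of
// letters, digits, dots, dashes and underscores (assumed format; adjust to the
// application's real naming rules). Traversal segments are rejected as well.
function is_valid_page_path(string $path): bool
{
    return (bool) preg_match('~^[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*$~', $path)
        && !str_contains($path, '..');
}

// Output encoding for an HTML text/attribute context. Applied even to values
// that passed validation, so the two controls do not depend on each other.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// HARDENED: invalid input is replaced by a fixed default instead of being
// reflected, and every segment is encoded before it reaches the markup.
function render_breadcrumb_safe(string $path): string
{
    if (!is_valid_page_path($path)) {
        $path = 'home';
    }
    $crumbs = array_map('html_escape', explode('/', $path));
    return '<nav class="breadcrumb">' . implode(' / ', $crumbs) . '</nav>';
}

// Constructed sample inputs (not from the advisory).
$good = 'docs/Getting-Started';
$bad  = '<script>alert(1)</script>';   // constructed probe value

var_dump(render_breadcrumb_unsafe($bad) === '<nav class="breadcrumb"><script>alert(1)</script></nav>'); // bool(true): reflected as-is
var_dump(render_breadcrumb_safe($good)  === '<nav class="breadcrumb">docs / Getting-Started</nav>');    // bool(true)
var_dump(render_breadcrumb_safe($bad)   === '<nav class="breadcrumb">home</nav>');                      // bool(true): rejected
var_dump(render_breadcrumb_safe('../x') === '<nav class="breadcrumb">home</nav>');                      // bool(true): traversal rejected
```

The same pattern applies to a WAF rule for recommendation 2: match on the 'path' parameter containing characters outside the expected page-path alphabet rather than on specific payload strings.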


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-19T08:14:39.991Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 687cd6fea83201eaac023924

Added to database: 7/20/2025, 11:46:06 AM

Last enriched: 7/20/2025, 12:01:28 PM

Last updated: 7/20/2025, 12:01:28 PM

