CVE-2025-7887 is a cross-site scripting (XSS) vulnerability identified in Zavy86 WikiDocs versions up to 1.0.78. The vulnerability resides in the file template.inc.php, where improper handling of the 'path' argument allows an attacker to inject malicious scripts. This flaw enables remote attackers to execute arbitrary JavaScript code in the context of the victim's browser without requiring authentication. The vulnerability is classified as problematic with a CVSS 4.0 base score of 5.3 (medium severity), indicating moderate impact and ease of exploitation. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:P). The impact primarily affects confidentiality and integrity to a limited extent (VI:L), with no impact on availability or system integrity. The vulnerability is exploitable remotely by manipulating URL parameters or other inputs that influence the 'path' argument, leading to script injection and potential session hijacking, credential theft, or defacement. Although no known exploits are currently in the wild, the public disclosure of the exploit code increases the risk of exploitation. The vulnerability affects a wide range of versions (1.0.0 through 1.0.78), indicating that many deployments remain vulnerable if not patched or mitigated. The lack of official patches or mitigation links suggests that organizations must rely on other defensive measures until an update is available.

For European organizations using Zavy86 WikiDocs, this vulnerability poses a moderate risk. WikiDocs is typically used for internal documentation and knowledge sharing, so exploitation could lead to unauthorized access to sensitive corporate information or internal communications. Attackers could leverage XSS to steal session cookies, impersonate users, or inject malicious content that could spread malware or phishing attempts internally. This could result in reputational damage, data leakage, and potential compliance violations under GDPR if personal data is exposed. The remote exploitability and lack of required privileges make it easier for external attackers to target exposed WikiDocs instances. Organizations with public-facing WikiDocs installations are at higher risk, especially if they do not have additional web application firewalls or input validation controls. The medium severity suggests that while the threat is not critical, it should be addressed promptly to prevent escalation or chaining with other vulnerabilities.

1. Immediate mitigation should include implementing strict input validation and output encoding on the 'path' parameter to neutralize malicious scripts. 2. Deploy a Web Application Firewall (WAF) with rules to detect and block typical XSS payloads targeting WikiDocs. 3. Restrict access to WikiDocs instances to trusted networks or VPNs to reduce exposure. 4. Monitor web server logs for suspicious requests containing script tags or unusual characters in the 'path' parameter. 5. Educate users about the risks of clicking on suspicious links and encourage reporting of unexpected behavior. 6. If possible, isolate WikiDocs servers from critical infrastructure to limit lateral movement in case of compromise. 7. Regularly check for vendor updates or patches addressing this vulnerability and apply them promptly once available. 8. Consider implementing Content Security Policy (CSP) headers to restrict script execution sources and mitigate impact of injected scripts.