
CVE-2025-8191: Cross Site Scripting in macrozheng mall

Severity: Medium
Tags: Vulnerability, CVE-2025-8191
Published: Sat Jul 26 2025 (07/26/2025, 13:32:05 UTC)
Source: CVE Database V5
Vendor/Project: macrozheng
Product: mall

Description

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.

AI-Powered Analysis

Last updated: 08/03/2025, 01:00:21 UTC

Technical Analysis

CVE-2025-8191 is a cross-site scripting (XSS) vulnerability identified in the macrozheng mall product, versions 1.0.0 through 1.0.3. The vulnerability resides in the Swagger UI component, specifically in the /swagger-ui/index.html file. The issue arises because the 'configUrl' argument is not properly sanitized or validated, so an attacker can manipulate it to inject malicious script. The vulnerability is remotely exploitable without authentication, but it requires user interaction (for example, a victim visiting a crafted URL). It has been publicly disclosed; no exploitation in the wild has been observed, but the exploit details are available, which increases the risk of future exploitation. The vendor’s lack of response and removal of the GitHub issue without explanation suggest that timely patching or mitigation guidance should not be expected. The CVSS 4.0 base score is 5.1 (medium severity): network attack vector, low attack complexity, no privileges required, user interaction required. The impact primarily affects the confidentiality and integrity of user sessions or data accessible via the vulnerable Swagger UI interface: an attacker can execute arbitrary JavaScript in the context of the victim’s browser, leading to session hijacking, credential theft, or further attacks within the user’s session context.

Potential Impact

For European organizations using macrozheng mall versions up to 1.0.3, this vulnerability poses a moderate risk. Since Swagger UI is often used for API documentation and testing, the exposure of this interface to external or internal users could allow attackers to execute malicious scripts, compromising user sessions or stealing sensitive information. This could lead to unauthorized access to backend systems or data breaches. The impact is heightened in sectors where API security is critical, such as finance, healthcare, and e-commerce, which are prevalent in Europe. Additionally, the vendor’s apparent lack of response and absence of patches increases the window of exposure. Organizations relying on this product without adequate compensating controls may face reputational damage, regulatory penalties under GDPR if personal data is compromised, and operational disruptions. The medium severity rating suggests that while the vulnerability is not critical, it should be addressed promptly to prevent exploitation.

Mitigation Recommendations

European organizations should take immediate steps to mitigate this vulnerability. First, restrict access to the Swagger UI interface to trusted internal networks or authenticated users only, using network segmentation and access control lists. If possible, disable or remove the Swagger UI component from production environments where it is not essential. Employ web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting the 'configUrl' parameter. Implement strict Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. Monitor web server logs for suspicious requests targeting /swagger-ui/index.html and the 'configUrl' parameter. Since no official patch is available, consider applying custom input validation or sanitization on the affected parameter if source code access is possible. Finally, maintain user awareness training to recognize phishing or social engineering attempts that might leverage this vulnerability.
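One way to act on the log-monitoring recommendation above, as an added example that is not code from the page or from the mall project: a small Python checker that parses combined-format web server log lines and flags requests to /swagger-ui/index.html that carry a configUrl parameter. The sample log lines, the allowlisted host shop.example and the classification rules (relative or same-host values are treated as expected, any other origin or any value containing markup-like characters is treated as suspicious) are assumptions for the example.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Path named in the advisory as the affected file.
SWAGGER_PATH = "/swagger-ui/index.html"

# Assumption: hosts from which a configUrl may legitimately be loaded.
ALLOWED_HOSTS = {"shop.example"}

# Characters and schemes that have no business in a config location.
DANGEROUS_RE = re.compile(r"""[<>"'`]|javascript:|data:|vbscript:""", re.I)

# Apache/nginx "combined" log format; only the request line matters here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample traffic (not real log data); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [26/Jul/2025:13:32:05 +0000] "GET /swagger-ui/index.html HTTP/1.1" 200 3182 "-" "Mozilla/5.0"
203.0.113.11 - - [26/Jul/2025:13:33:10 +0000] "GET /swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config HTTP/1.1" 200 3182 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Jul/2025:13:35:42 +0000] "GET /swagger-ui/index.html?configUrl=https://attacker.example/cfg.json HTTP/1.1" 200 3182 "-" "curl/8.0"
198.51.100.8 - - [26/Jul/2025:13:36:01 +0000] "GET /swagger-ui/index.html?configUrl=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3182 "-" "Mozilla/5.0"
192.0.2.5 - - [26/Jul/2025:13:37:00 +0000] "GET /api/products HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def classify_config_url(target: str, allowed_hosts: set) -> Optional[tuple]:
    """Return (verdict, decoded configUrl) for a Swagger UI request, or None
    when the request is not for the affected page or carries no configUrl."""
    parts = urlsplit(target)
    if parts.path != SWAGGER_PATH:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "configUrl" not in params:
        return None

    # parse_qs decodes once; undo a few more layers so double encoding
    # cannot hide the value from the checks below.
    value = params["configUrl"][0]
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded

    if DANGEROUS_RE.search(value):
        return ("script-like", value)

    url = urlsplit(value)
    if url.netloc:  # absolute or scheme-relative (//host/...) URL
        host = (url.hostname or "").lower()
        return ("same-origin" if host in allowed_hosts else "external-origin", value)
    if url.scheme:  # some other scheme without a host part
        return ("external-origin", value)
    return ("same-origin", value)  # plain relative path


def scan_log(log_text: str, allowed_hosts: set) -> list:
    """Parse log lines and collect every request that supplied configUrl."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        result = classify_config_url(m["target"], allowed_hosts)
        if result is None:
            continue
        verdict, value = result
        findings.append({"ip": m["ip"], "ts": m["ts"], "verdict": verdict, "configUrl": value})
    return findings


def suspicious(findings: list) -> list:
    """Keep only findings that should be reviewed."""
    return [f for f in findings if f["verdict"] != "same-origin"]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, ALLOWED_HOSTS):
        print(f"{f['ts']} {f['ip']:<14} {f['verdict']:<16} configUrl={f['configUrl']}")
```

Every request that supplies configUrl is recorded, including same-origin ones, so the rule can be tuned against real traffic; in most deployments the only expected value is the application's own swagger-config path, and a value pointing anywhere else is worth a look regardless of whether it contains obvious markup.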


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-25T08:54:26.882Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6884dc80ad5a09ad00605152

Added to database: 7/26/2025, 1:47:44 PM

Last enriched: 8/3/2025, 1:00:21 AM

Last updated: 9/7/2025, 2:08:59 AM
