CVE-2025-8589 is a reflected Cross-site Scripting (XSS) vulnerability categorized under CWE-79 in the SKSPro product by AKCE Software Technology R&D Industry and Trade Inc. It arises from improper neutralization of input during web page generation, enabling attackers to inject and execute malicious scripts via crafted requests. The vulnerability affects SKSPro versions through 07012026 and has a CVSS 3.1 base score of 7.6, reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, unchanged scope, and impacts on confidentiality (low), integrity (low), and availability (high). No patch or official remediation is currently documented, and the product is not a cloud service, so remediation depends on vendor updates.

Successful exploitation of this reflected XSS vulnerability can lead to execution of arbitrary scripts in the context of the victim's browser session. This may result in partial confidentiality and integrity loss, such as theft of user data or session tokens, and high impact on availability potentially through script-based attacks disrupting service or user interaction. However, no known exploits are reported in the wild, and the attack requires user interaction.

No official patch or remediation guidance is currently available from the vendor. Since SKSPro is not a cloud service, users must monitor the vendor's advisories for any forthcoming fixes. Until a patch is released, consider implementing web application firewall (WAF) rules to detect and block reflected XSS payloads as a temporary mitigation. Avoid clicking on suspicious links and educate users about the risk of reflected XSS attacks.