CVE-2025-9144: Cross Site Scripting in Scada-LTS
A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code in the file publisher_edit.shtm. Manipulating the argument Name causes cross-site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used.
AI Analysis
Technical Summary
CVE-2025-9144 is a cross-site scripting (XSS) vulnerability in Scada-LTS version 2.7.8.1, located in the file publisher_edit.shtm. It arises from improper sanitization or validation of the 'Name' argument, which allows an attacker to inject malicious scripts. The flaw can be exploited remotely without requiring authentication, although user interaction is necessary to trigger the malicious payload, as indicated by the CVSS vector (UI:P).

The vulnerability has a CVSS 4.0 base score of 5.1, categorized as medium severity. The attack vector is network-based (AV:N) with low attack complexity (AC:L) and a Privileges Required value of PR:L. There is no impact on confidentiality or availability and a low impact on integrity (VI:L): script injection can lead to integrity issues, potentially enabling session hijacking, defacement, or redirection to malicious sites. Although no public exploit is currently known to be in the wild, proof-of-concept code has been made publicly available, increasing the risk of exploitation.

Scada-LTS is an open-source SCADA (Supervisory Control and Data Acquisition) system used for industrial control and monitoring, which makes this vulnerability particularly relevant to critical infrastructure environments where such systems are deployed. Because the flaw sits in a web interface component (publisher_edit.shtm), attackers could exploit it via crafted HTTP requests that inject scripts executing in the context of legitimate users' browsers, potentially compromising user sessions or enabling further attacks within the SCADA environment.
Potential Impact
For European organizations, especially those operating critical infrastructure such as energy, water, manufacturing, and transportation sectors that rely on SCADA systems, this vulnerability poses a moderate risk. Exploitation could lead to unauthorized script execution within the SCADA management interface, potentially allowing attackers to manipulate displayed data, hijack user sessions, or perform actions on behalf of legitimate users. While the vulnerability does not directly compromise system availability or confidentiality, the integrity of control commands or monitoring data could be affected, leading to operational disruptions or incorrect system states. Given the increasing digitization and interconnectivity of industrial control systems in Europe, exploitation could have cascading effects on operational reliability and safety. Additionally, the remote exploitability without authentication increases the attack surface, especially if the affected SCADA interfaces are exposed to less secure network segments or the internet. The public availability of exploit code further elevates the risk of opportunistic attacks targeting European organizations using Scada-LTS 2.7.8.1.
Mitigation Recommendations
Organizations should immediately assess their deployment of Scada-LTS and identify any instances running version 2.7.8.1. Since no official patch links are provided, it is critical to implement compensating controls:

1) Restrict access to the Scada-LTS web interface to trusted networks only, using network segmentation and firewall rules to limit exposure.
2) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the 'Name' parameter in publisher_edit.shtm.
3) Conduct input validation and sanitization at the application level if possible, or apply temporary code fixes to sanitize user inputs.
4) Educate users and administrators about the risk of phishing or social engineering attacks that could trigger the XSS payload.
5) Monitor logs and network traffic for unusual activities related to the SCADA web interface.
6) Plan for an upgrade or patch deployment once an official fix is released by the Scada-LTS maintainers.
7) Consider deploying Content Security Policy (CSP) headers to mitigate the impact of injected scripts.

These measures will reduce the likelihood and impact of exploitation until a permanent fix is available.
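The detection and log-monitoring recommendations (items 2 and 5) can be backed by a simple access-log check. The Python script below is an added example, not code from Scada-LTS or from this advisory. It assumes a combined-format access log, a `/Scada-LTS/` context path, and that the parameter is visible in the query string (request bodies do not appear in access logs and need proxy or WAF logging); the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
# The /Scada-LTS/ context path is an assumption about the deployment.
SAMPLE_LOG = """\
10.0.5.21 - - [19/Aug/2025:09:14:02 +0000] "GET /Scada-LTS/publisher_edit.shtm?pid=3 HTTP/1.1" 200 8123
10.0.5.21 - - [19/Aug/2025:09:15:40 +0000] "GET /Scada-LTS/publisher_edit.shtm?Name=Boiler+feed HTTP/1.1" 200 8190
198.51.100.7 - - [19/Aug/2025:09:17:11 +0000] "GET /Scada-LTS/publisher_edit.shtm?Name=%3Cimg+src%3Dx%3E HTTP/1.1" 200 8201
198.51.100.7 - - [19/Aug/2025:09:17:30 +0000] "GET /Scada-LTS/publisher_edit.shtm;jsessionid=ABC?name=%253Csvg%253E HTTP/1.1" 200 8177
10.0.5.30 - - [19/Aug/2025:09:20:05 +0000] "GET /Scada-LTS/watch_list.shtm?Name=%3Cb%3E HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
# Heuristic: HTML metacharacters, script URLs, or inline event handlers.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, bounded to avoid pathological input."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text, page="publisher_edit.shtm", param="name"):
    """Return requests to `page` whose `param` value contains markup."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, timestamp, target = match.groups()
        url = urlsplit(target)
        path = url.path.split(";", 1)[0]  # drop ;jsessionid=... path parameters
        if not path.lower().endswith("/" + page):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == param and MARKUP_RE.search(fully_decode(value)):
                findings.append({"client": client, "time": timestamp,
                                 "value": fully_decode(value)})
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["time"], hit["client"], repr(hit["value"]))
```

The parameter name is matched case-insensitively and double-encoded values are decoded before matching, since both are common ways for a request to slip past a literal string match.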
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-19T07:22:45.891Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68a4959aad5a09ad00f8b3c1
Added to database: 8/19/2025, 3:17:46 PM
Last enriched: 8/19/2025, 3:32:54 PM
Last updated: 8/19/2025, 3:47:46 PM