CVE-2025-9145 is a cross-site scripting (XSS) vulnerability identified in Scada-LTS version 2.7.8.1, specifically within the SVG File Handler component that processes the file view_edit.shtm. The vulnerability arises from improper handling of the backgroundImageMP argument, which can be manipulated by an attacker to inject malicious scripts. This flaw allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser when they access the affected interface. The vulnerability is remotely exploitable without requiring authentication, although user interaction is necessary (i.e., the victim must visit a crafted URL or interface). The CVSS 4.0 score is 5.1, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges required, but user interaction is needed. The impact primarily affects confidentiality and integrity at a limited level, with no direct impact on availability. No known exploits are currently reported in the wild, but public disclosure of the exploit details increases the risk of exploitation. Since Scada-LTS is an open-source SCADA platform used for industrial control systems, this vulnerability could be leveraged to compromise the integrity of monitoring or control interfaces, potentially leading to misinformation or unauthorized actions within industrial environments.

For European organizations, especially those operating critical infrastructure or industrial control systems using Scada-LTS, this vulnerability poses a risk of unauthorized script execution that could lead to session hijacking, credential theft, or manipulation of displayed data. This could undermine operational decision-making and potentially facilitate further attacks such as privilege escalation or lateral movement within the network. The impact is particularly significant for sectors like energy, manufacturing, water treatment, and transportation, where SCADA systems are integral. While the vulnerability does not directly affect system availability, the integrity and confidentiality breaches could disrupt operations or cause erroneous control commands. Given the remote exploitability and public disclosure, European entities must be vigilant to prevent exploitation attempts that could compromise sensitive industrial processes or data.

Organizations should immediately review their deployment of Scada-LTS 2.7.8.1 and restrict access to the affected view_edit.shtm interface to trusted users and networks. Implement strict input validation and sanitization on the backgroundImageMP parameter to prevent script injection. Employ web application firewalls (WAFs) with rules targeting XSS payloads specific to this vulnerability. Monitor logs for suspicious requests targeting the SVG File Handler component. Where possible, isolate SCADA management interfaces from general corporate networks and the internet to reduce exposure. Since no official patch is currently available, consider upgrading to a later version if one is released addressing this issue or applying community-developed patches. Educate users about the risks of clicking untrusted links that could exploit this vulnerability. Finally, conduct regular security assessments and penetration tests focusing on SCADA web interfaces to detect similar vulnerabilities.