
Heads Up: Scans for ESAFENET CDG V5 (Mon, Oct 13th)

Severity: Medium
Tags: vulnerability, web, xss
Published: Mon Oct 13 2025 (10/13/2025, 16:33:45 UTC)
Source: SANS ISC Handlers Diary

Description

A possible cross-site scripting (XSS) vulnerability (CVE-2025-0785) has been reported in the ESAFENET CDG electronic document security management system, specifically in the SystemConfig.jsp component. The product has a history of security issues, including SQL injection flaws and weak encryption mechanisms. It appears to be aimed primarily at the Chinese market, with little or no usage outside China. Recent scans are probing the /CDGServer3/SystemConfig endpoint, possibly attempting to exploit this XSS issue. No confirmed exploitation has been observed in the wild, and no official patches or detailed vendor advisories are publicly available. If the flaw is real, it could allow attackers to execute scripts in the browser of an authenticated user, potentially leading to session hijacking or unauthorized actions. Given the product's limited deployment in Europe, the direct impact on European organizations is expected to be low, but organizations with supply chain or partner links to Chinese entities should remain vigilant.

AI-Powered Analysis

Last updated: 10/13/2025, 16:42:38 UTC

Technical Analysis

The ESAFENET CDG electronic document security management system is reported to contain a possible cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0785 and located in the SystemConfig.jsp page. The issue was first noted in January 2025 and is the latest in a series of weaknesses affecting the product, which previously suffered from SQL injection vulnerabilities and inadequate encryption protecting sensitive documents. An XSS flaw of this kind allows an attacker to inject script into web pages viewed by other users, potentially enabling session hijacking, credential theft, or unauthorized actions performed with the victim's privileges within the application. Scanning activity observed on October 13, 2025 targets the /CDGServer3/SystemConfig endpoint, indicating active reconnaissance or exploitation attempts; the specific parameter being tested is not identified in the available data. The lack of comprehensive sensor data and the absence of confirmed in-the-wild exploitation limit what can be said about exploitability and impact. The vendor's website and public repositories provide no patches or detailed advisories, complicating mitigation. ESAFENET CDG appears to be deployed primarily within the Chinese market, with its website and documentation in Chinese, suggesting minimal adoption in Europe. The product's repeated security issues point to systemic weaknesses in its development and security posture, raising concerns about the confidentiality and integrity of documents managed by the system. Without official patches, organizations using this system face ongoing risk from exploitation of these vulnerabilities.

Potential Impact

For European organizations, the direct impact of this vulnerability is likely limited, because the product is deployed primarily in China and has minimal market penetration in Europe. European entities with business relationships, supply chain dependencies, or data exchange with Chinese partners that use ESAFENET CDG could, however, be indirectly affected. Exploitation of the XSS vulnerability could lead to unauthorized access to document management functions, session hijacking, or manipulation of document security settings, compromising the confidentiality and integrity of critical documents. The historical SQL injection and weak encryption issues worsen the risk profile, since an attacker who obtains an authenticated session via XSS may be able to chain it with the other weaknesses for a more severe attack. The absence of patches lengthens the window of exposure. Organizations running derivative or rebranded versions of the product should treat themselves as exposed as well. The scanning activity indicates active interest from threat actors, which could escalate to targeted attacks if the system is found within European networks. Overall, the threat poses a moderate risk mainly to organizations with direct or indirect exposure to ESAFENET CDG systems.

Mitigation Recommendations

1. Conduct an asset inventory to identify any ESAFENET CDG deployments within the organization or its supply chain; the /CDGServer3/ path prefix in web server and proxy logs is a useful indicator.
2. If ESAFENET CDG is in use, isolate the system from critical network segments and restrict access to trusted users and source networks only; the administrative SystemConfig page in particular should not be reachable from the internet.
3. Deploy web application firewall (WAF) rules that alert on, and where appropriate block, requests to /CDGServer3/SystemConfig and SystemConfig.jsp whose parameters carry HTML or script markup.
4. Monitor logs for requests to that endpoint, including both GET and POST requests, and review any request parameters that contain encoded or literal script fragments.
5. Engage with the vendor or authorized resellers to request security patches or mitigation guidance, despite the lack of public advisories.
6. Educate users about the risk of following untrusted links into the application, since XSS exploitation typically requires an authenticated user to open an attacker-supplied URL.
7. Deploy additional endpoint protection and network segmentation to limit lateral movement if the system is compromised.
8. Explore alternative document management solutions with stronger security postures if feasible.
9. Stay updated with threat intelligence feeds for emerging exploits or patches related to ESAFENET CDG.
10. For organizations with Chinese partners, coordinate security assessments and share threat information to mitigate cross-border risks.
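The following is an added example, not code from the ISC diary or from ESAFENET, showing one way to implement the log monitoring and WAF-style classification described in steps 3 and 4 above. It parses combined-format web server log lines, isolates requests to the /CDGServer3/SystemConfig endpoint named in the diary, and flags those whose decoded query parameters contain generic XSS markers. The log lines, the parameter names (q, x) and the marker list are constructed for this example; the page does not identify which parameter of SystemConfig.jsp is affected, so the check inspects every parameter value rather than a specific one.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Endpoint probed in the scans reported by the ISC diary.
TARGET_PATH = "/CDGServer3/SystemConfig"

# Generic XSS indicators (assumption: a heuristic prefilter, not a full
# HTML tokenizer; tune the list to your own false-positive tolerance).
XSS_MARKERS = re.compile(
    r"(<\s*/?\s*script|javascript\s*:|<\s*(?:img|svg|iframe)\b"
    r"|\bon(?:error|load|click|mouseover|focus|blur)\s*=|\balert\s*\()",
    re.IGNORECASE,
)

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Oct/2025:10:02:11 +0000] "GET /CDGServer3/SystemConfig HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Oct/2025:10:02:12 +0000] "GET /CDGServer3/SystemConfig.jsp?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [13/Oct/2025:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/8.0"',
    '192.0.2.9 - - [13/Oct/2025:10:07:30 +0000] "POST /CDGServer3/SystemConfig.jsp?x=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 900 "-" "python-requests/2.31"',
]


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = unquote_plus(parts.path)
    # parse_qsl decodes one layer of percent-encoding for us.
    entry["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return entry


def classify(entry):
    """Return (verdict, reason) for a parsed request.

    verdict is 'ignore' (not the CDG endpoint), 'alert' (probe of the endpoint
    with no payload seen) or 'block' (XSS marker found in a parameter value).
    """
    if not entry["path"].lower().startswith(TARGET_PATH.lower()):
        return ("ignore", "not the CDG SystemConfig endpoint")
    for name, value in entry["params"]:
        # Decode a second time so double-encoded payloads are also inspected.
        decoded = unquote_plus(value)
        if XSS_MARKERS.search(decoded):
            return ("block", f"XSS marker in parameter {name!r}")
    return ("alert", "probe of CDG SystemConfig endpoint without payload")


def triage(lines):
    """Classify a batch of log lines; returns only the non-ignored findings."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        verdict, reason = classify(entry)
        if verdict != "ignore":
            findings.append((entry["ip"], entry["method"], entry["path"], verdict, reason))
    return findings


if __name__ == "__main__":
    for ip, method, path, verdict, reason in triage(SAMPLE_LOG):
        print(f"{verdict:5} {ip:15} {method:4} {path}  ({reason})")
```

The same classify function can be used as the decision logic of a WAF rule (block on "block", log on "alert") or run over historical logs during the asset inventory of step 1, since any hit on the /CDGServer3/ prefix reveals a deployment regardless of payload.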


Technical Details

Article Source: https://isc.sans.edu/diary/rss/32364 (fetched 2025-10-13T16:42:17Z, 366 words)

Threat ID: 68ed2be94a0d14fc5abc2db4

Added to database: 10/13/2025, 4:42:17 PM

Last enriched: 10/13/2025, 4:42:38 PM

Last updated: 10/13/2025, 8:13:21 PM

