UPDATE: CVE-2025-48700 assessment refined. Prior reporting indicated persistent XSS vector within application middleware; supplementary analysis confirms exploitation pathway requires authenticated session state, effectively limiting attack surface to internal personnel with existing system access. Threat severity downgraded from critical to high pending vendor patch deployment timeline.