CVE-2025-65229

4.6 MEDIUM

📋 TL;DR

A stored XSS vulnerability in Lyrion Music Server allows authenticated users to inject malicious scripts into the Player name field. These scripts execute when other users view the Player Info tab, potentially compromising their sessions or stealing credentials. This affects all users of Lyrion Music Server versions 9.0.3 and earlier.

💻 Affected Systems

Products:
  • Lyrion Music Server
Versions: <= 9.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated user with access to the Settings > Player page; default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could steal admin credentials, hijack sessions, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the player information page.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though stored XSS remains a persistent threat.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access; stored XSS is straightforward to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://lyrion.org/

Restart Required: No

Instructions:

Check vendor website for updates; no official patch details available yet.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement server-side validation to sanitize HTML/JavaScript in the Player name field.

Output Encoding

all

Apply proper output encoding (e.g., HTML entity encoding) when rendering the Player name on the Player Info tab.
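The two workarounds above, shown side by side as an added Python example (Lyrion Music Server itself is written in Perl, so this is an illustration of the technique, not the project's code). The probe string is the one the "How to Verify" step below uses; the length limit is an assumption, not a value from Lyrion.

```python
"""Added example: server-side validation plus output encoding for a stored
Player name, next to a deliberately naive renderer for contrast."""
import html
import re
import unicodedata

# Constructed sample: the probe string the advisory's own verification step uses.
SAMPLE_PAYLOAD = "<script>alert('XSS')</script>"

# Hypothetical limit; the page does not state Lyrion's real maximum.
MAX_PLAYER_NAME = 64


def render_player_info_vulnerable(player_name: str) -> str:
    """'Before' form: interpolates the stored name straight into markup,
    so any '<' in the name becomes live HTML for whoever views the tab."""
    return f"<div class='player-name'>{player_name}</div>"


def validate_player_name(name: str) -> str:
    """Workaround 1 (server-side validation): normalise, drop control
    characters, enforce a length limit and reject anything that looks like
    markup rather than a display name. Raises ValueError on rejection."""
    name = unicodedata.normalize("NFC", name).strip()
    if any(unicodedata.category(ch).startswith("C") for ch in name):
        raise ValueError("control characters are not allowed in a player name")
    if not name or len(name) > MAX_PLAYER_NAME:
        raise ValueError(f"player name must be 1..{MAX_PLAYER_NAME} characters")
    if re.search(r"[<>]", name):
        raise ValueError("angle brackets are not allowed in a player name")
    return name


def is_acceptable_player_name(name: str) -> bool:
    """Boolean wrapper around validate_player_name for callers that just
    need an accept/reject decision."""
    try:
        validate_player_name(name)
        return True
    except ValueError:
        return False


def render_player_info_fixed(player_name: str) -> str:
    """Workaround 2 (output encoding): HTML-entity-encode at the point of
    rendering, whatever validation did upstream. quote=True also escapes
    quotes, so the same value is safe inside an attribute as well as text."""
    safe = html.escape(player_name, quote=True)
    return f"<div class='player-name' title='{safe}'>{safe}</div>"


if __name__ == "__main__":
    print("vulnerable:", render_player_info_vulnerable(SAMPLE_PAYLOAD))
    print("encoded:   ", render_player_info_fixed(SAMPLE_PAYLOAD))
    print("accepted by validation:", is_acceptable_player_name(SAMPLE_PAYLOAD))
```

Validation and encoding are independent layers: validation keeps junk out of storage, encoding guarantees that whatever is stored cannot become markup when the Player Info tab is rendered. Apply both; the encoding step is the one that closes the vulnerability for names already saved.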

🧯 If You Can't Patch

  • Restrict access to Settings Player to trusted users only.
  • Monitor and audit changes to Player name fields for suspicious content.

🔍 How to Verify

Check if Vulnerable:

On a non-production instance, attempt to inject a simple script (e.g., <script>alert('XSS')</script>) into the Player name field and check whether it executes when the Player Info tab is viewed.

Check Version:

Check the server version in the web interface or configuration files; refer to vendor documentation.

Verify Fix Applied:

Verify that injected scripts are properly sanitized or encoded and do not execute when viewing the Player Info tab.

📡 Detection & Monitoring

Log Indicators:

  • Unusual or lengthy entries in Player name update logs
  • Script tags or JavaScript code in Player name fields

Network Indicators:

  • Unexpected outbound connections from the server after viewing Player Info tab

SIEM Query:

Search for events where Player name field contains script tags or JavaScript patterns (e.g., <script>, alert(), document.cookie).
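The log and SIEM indicators above, turned into runnable detection logic as an added example (not Lyrion code). The log line format is constructed for the example; adapt the parser to whatever your Lyrion logging or SIEM actually produces. Beyond the page's own patterns (<script>, alert(), document.cookie) the block also flags inline event-handler attributes and javascript: URLs, two common vectors that bypass a script-tag-only rule, and applies the "lengthy entries" heuristic with an assumed threshold.

```python
"""Added example: scan Player name update events for stored-XSS indicators."""
import re
from dataclasses import dataclass

# Patterns from the advisory's SIEM note plus two defensive generalisations.
SUSPICIOUS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "alert_call": re.compile(r"\balert\s*\(", re.I),
    "cookie_access": re.compile(r"document\.cookie", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),   # added generalisation
    "javascript_url": re.compile(r"javascript\s*:", re.I),  # added generalisation
}
LENGTH_THRESHOLD = 64  # assumed cut-off for "unusual or lengthy entries"

# Constructed log format: <ts> <user> player_name_update player=<id> name="<value>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<user>\S+) player_name_update '
    r'player=(?P<player>\S+) name="(?P<name>.*)"$'
)

# Constructed sample log; the probe strings are the ones this page already cites.
SAMPLE_LOG = "\n".join([
    '2025-01-01T10:00:00Z alice player_name_update player=00:04:20:aa:bb:cc name="Kitchen"',
    '2025-01-01T10:05:12Z mallory player_name_update player=00:04:20:aa:bb:cc '
    'name="<script>alert(\'XSS\')</script>"',
    '2025-01-01T10:07:40Z bob player_name_update player=00:04:20:dd:ee:ff name="Living Room"',
    '2025-01-01T10:09:03Z mallory player_name_update player=00:04:20:dd:ee:ff '
    'name="<script>alert(document.cookie)</script>"',
    '2025-01-01T10:11:30Z carol player_name_update player=00:04:20:11:22:33 '
    'name="' + "A" * 100 + '"',
])


@dataclass
class Finding:
    ts: str
    user: str
    player: str
    reasons: list


def classify_name(name: str) -> list:
    """Return the list of indicator labels that match a single stored name."""
    reasons = [label for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(name)]
    if len(name) > LENGTH_THRESHOLD:
        reasons.append(f"length>{LENGTH_THRESHOLD}")
    return reasons


def scan_log(text: str) -> list:
    """Parse player_name_update events and return one Finding per suspicious name.
    Lines that do not match the expected format are skipped; in production you
    would count them so a format change does not silently blind the rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        reasons = classify_name(m["name"])
        if reasons:
            findings.append(Finding(m["ts"], m["user"], m["player"], reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} user={f.user} player={f.player} indicators={','.join(f.reasons)}")
```

The per-user view matters more than the per-line hit: the same account renaming several players to markup in a short window is the pattern worth alerting on, and the `user` and `player` fields in each Finding are what you would pivot on when reviewing who changed what and rolling the names back.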
