The vulnerability CVE-2025-22751 in farinspace Partners (<= 0.2.0) is a reflected cross-site scripting (XSS) issue caused by improper input neutralization during web page generation. This allows attackers to inject malicious scripts that execute when a user interacts with a crafted link or input, potentially leading to partial compromise of confidentiality, integrity, and availability. The vulnerability has a CVSS 3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network exploitable with low attack complexity, no privileges required, user interaction needed, and scope change. No patch or mitigation details are currently available from the vendor or other sources.

Successful exploitation of this reflected XSS vulnerability can lead to partial disclosure of confidential information, modification of data, and disruption of service availability in the context of the affected web application. The vulnerability requires user interaction and can be triggered remotely over the network without authentication. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with untrusted input and avoid clicking on suspicious links that could trigger reflected XSS. Implementing web application firewall (WAF) rules to detect and block reflected XSS payloads may provide temporary protection.