
CVE-2025-65229: n/a

Severity: Medium
Published: Mon Dec 08 2025 (12/08/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server <= 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output encoding on the Information (Player Info) tab, causing the script to execute in the context of any user viewing that page.

AI-Powered Analysis

AI analysis last updated: 01/20/2026, 19:32:27 UTC

Technical Analysis

CVE-2025-65229 is a stored cross-site scripting (XSS) vulnerability identified in the web interface of Lyrion Music Server versions up to and including 9.0.3. The vulnerability arises because an authenticated user with access to the Settings Player functionality can input arbitrary HTML or JavaScript code into the Player name field. This input is stored on the server and later rendered on the Information (Player Info) tab without proper output encoding or sanitization, allowing the injected script to execute in the context of any user who views that page. The flaw is classified under CWE-79, which relates to improper neutralization of input during web page generation. Exploitation requires the attacker to have valid credentials with access to the Settings Player area and requires that a victim user views the affected Player Info tab, thus involving user interaction. The CVSS v3.1 base score of 4.6 reflects a medium severity, considering the attack vector is network-based, the attack complexity is low, privileges required are low, and user interaction is required. The impact primarily affects confidentiality and integrity by enabling potential theft of session tokens, user credentials, or execution of unauthorized actions on behalf of the victim. Availability is not impacted. No public exploits have been reported to date, and no official patches or updates are linked, indicating that mitigation may currently rely on configuration and access control measures. This vulnerability is particularly relevant for organizations using Lyrion Music Server in environments where multiple users access the web interface, such as media companies or enterprises managing audio streaming infrastructure.

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized script execution within the context of authenticated users accessing the Lyrion Music Server web interface. Potential impacts include theft of session cookies, user credentials, or execution of malicious actions impersonating legitimate users. This can lead to unauthorized access to sensitive information, lateral movement within the network, or disruption of service management. Although the vulnerability requires authentication and user interaction, the medium severity rating indicates a non-trivial risk, especially in environments with multiple users or where user privileges are not tightly controlled. Organizations in sectors such as media, broadcasting, or entertainment that rely on Lyrion Music Server for audio streaming or management could face reputational damage, data leakage, or compliance issues if exploited. The absence of known exploits in the wild suggests the threat is currently low but could increase if attackers develop weaponized payloads. European data protection regulations (e.g., GDPR) also impose obligations to protect personal data, and exploitation of this vulnerability could lead to regulatory penalties if personal data is compromised.

Mitigation Recommendations

To mitigate CVE-2025-65229, European organizations should implement the following specific measures:

1) Restrict access to the Settings Player interface strictly to trusted and necessary personnel to reduce the attack surface.
2) Implement input validation and output encoding on the Player name field to neutralize any HTML or JavaScript content before storage and rendering.
3) Monitor web interface logs for unusual or suspicious input patterns indicative of attempted XSS injection.
4) Educate users with access about the risks of stored XSS and encourage cautious behavior when interacting with Player Info tabs.
5) If possible, apply web application firewall (WAF) rules to detect and block XSS payloads targeting this interface.
6) Segregate user roles and enforce least privilege principles to limit the ability of authenticated users to modify Player names.
7) Regularly review and update the Lyrion Music Server software and monitor vendor communications for official patches or security advisories.
8) Consider isolating the management interface from general user networks to reduce exposure.

These targeted actions go beyond generic advice by focusing on access control, input sanitization, monitoring, and user education specific to the vulnerability context.
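The following is an added illustration of mitigation 2 (validate on save, encode on output) and the coarse check behind mitigation 3; it is example code written for this page, not code from Lyrion Music Server, and the function names, the length limit, the allowed-character policy and the sample player names are all assumptions constructed for the demonstration. It shows the vulnerable rendering pattern the advisory describes (stored value concatenated straight into markup) next to the hardened form, where the same stored value is HTML-encoded at the point it is written into the Player Info page.

```javascript
// Added example, not Lyrion Music Server code. Demonstrates how a player
// name stored from Settings > Player should be handled before it reaches
// the Player Info tab, so that stored markup is displayed as text.

// Output encoding: escape the five HTML-significant characters. Applied at
// render time, this alone neutralizes stored HTML/JavaScript in the name.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (the CWE-79 shape from the advisory): the stored value
// is interpolated into markup with no encoding, so a name containing tags
// becomes part of the page's DOM for every viewer.
function renderPlayerInfoUnsafe(playerName) {
  return `<div class="playerName">${playerName}</div>`;
}

// Hardened pattern: identical template, value encoded at the point of output.
function renderPlayerInfo(playerName) {
  return `<div class="playerName">${escapeHtml(playerName)}</div>`;
}

// Input validation at save time (assumed policy for this example):
// non-empty, bounded length, no angle brackets, no control characters.
// This reduces what gets stored; output encoding remains the primary control.
const MAX_NAME_LENGTH = 64; // assumed limit, not a product setting
function validatePlayerName(name) {
  if (typeof name !== 'string') return { ok: false, reason: 'not a string' };
  const trimmed = name.trim();
  if (trimmed.length === 0) return { ok: false, reason: 'empty' };
  if (trimmed.length > MAX_NAME_LENGTH) return { ok: false, reason: 'too long' };
  if (/[<>]/.test(trimmed)) return { ok: false, reason: 'markup characters not allowed' };
  if (/[\x00-\x1f\x7f]/.test(trimmed)) return { ok: false, reason: 'control characters not allowed' };
  return { ok: true, name: trimmed };
}

// Coarse heuristic for log review (mitigation 3): flag submitted or stored
// names that contain a tag opener or an inline event-handler attribute.
// It is a triage aid, not a security boundary.
function looksLikeMarkup(value) {
  const s = String(value);
  return /<\s*\/?\s*[a-z!]/i.test(s) || /\bon[a-z]+\s*=/i.test(s);
}

// Constructed sample names (not taken from the advisory).
const SAMPLE_NAMES = ['Kitchen', 'Living Room & Den', '<b>Bedroom</b>'];
for (const name of SAMPLE_NAMES) {
  console.log(JSON.stringify(name),
    '| valid:', validatePlayerName(name).ok,
    '| markup?', looksLikeMarkup(name),
    '| rendered:', renderPlayerInfo(name));
}
```

The two render functions differ only by the `escapeHtml` call, which is the point: the fix for this class of bug is at the template, where the stored value meets HTML, rather than trusting whatever validation ran when the name was saved. Validation is still worth having because it shrinks what is stored, but it must not be the only control, since names saved before the validation existed, or written through another path, would still reach the page.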


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 693734e9d081e9e7fd30bf37

Added to database: 12/8/2025, 8:28:25 PM

Last enriched: 1/20/2026, 7:32:27 PM

Last updated: 2/6/2026, 7:23:42 AM

Views: 79
