CVE-2025-65230 is a stored cross-site scripting (XSS) vulnerability identified in Barix Instreamer devices, specifically versions v04.05 and v04.06. The vulnerability resides in the Web UI Configuration Streaming Destination input field, where malicious scripts can be injected and stored persistently. This allows an attacker with low privileges (PR:L) and requiring user interaction (UI:R) to execute arbitrary JavaScript code in the context of the victim’s browser when accessing the device’s web interface. The vulnerability impacts confidentiality and integrity by potentially exposing sensitive information or enabling unauthorized actions through script execution, but does not affect system availability. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates network attack vector, low attack complexity, partial scope change, and limited impact on confidentiality and integrity. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be considered in risk assessments. The CWE-79 classification confirms this is a classic stored XSS issue, often arising from insufficient input sanitization and output encoding in web applications. Given the device’s role in streaming audio configurations, exploitation could lead to manipulation of streaming parameters or session hijacking within the administrative interface.

For European organizations, the impact of CVE-2025-65230 is primarily on the confidentiality and integrity of the Barix Instreamer device’s web management interface. Attackers exploiting this vulnerability could execute malicious scripts that steal credentials, manipulate configuration settings, or perform unauthorized actions on behalf of legitimate users. This could disrupt audio streaming services or lead to further network compromise if the device is part of a larger infrastructure. While availability is not directly impacted, the integrity compromise could degrade service quality or cause misconfigurations. Organizations in sectors such as broadcasting, public safety, transportation, and industrial automation that rely on Barix Instreamer devices for streaming audio are at higher risk. The vulnerability’s medium severity suggests a moderate risk level, but the ease of exploitation and potential for lateral movement within networks elevate the concern. Additionally, the lack of patches increases exposure time, necessitating proactive mitigation.

1. Restrict access to the Barix Instreamer Web UI by implementing network segmentation and firewall rules to limit management interface exposure to trusted administrators only. 2. Enforce strong authentication mechanisms and monitor for unusual login attempts or session anomalies. 3. Implement web application firewalls (WAFs) that can detect and block XSS payloads targeting the device’s web interface. 4. Conduct regular input validation and output encoding reviews if custom integrations or scripts interact with the device’s configuration interface. 5. Monitor device logs and network traffic for signs of exploitation attempts or suspicious activity related to the streaming destination configuration. 6. Engage with Barix support or vendor channels to obtain official patches or firmware updates as soon as they become available. 7. Educate administrators about the risks of stored XSS and the importance of cautious interaction with configuration inputs. 8. Consider temporary disabling or limiting the use of the vulnerable configuration input fields if feasible until a patch is released.