CVE-2025-65572 is a reflected Cross Site Scripting (XSS) vulnerability affecting AllskyTeam's AllSky software, specifically version 2024.12.06_06. The vulnerability arises from improper sanitization of user-supplied input parameters—config, filename, and extratext—passed to the allskySettings.php script. When these parameters contain malicious JavaScript code, the showMessages() function in status_messages.php outputs error messages that include the injected script without proper encoding or escaping. This results in the execution of arbitrary JavaScript code in the context of the victim's browser when they reload or visit the allskySettings.php page. The vulnerability is exploitable remotely without authentication or special privileges, making it accessible to any attacker who can lure a user to the vulnerable page with crafted URL parameters. The lack of a CVSS score indicates this is a newly published vulnerability with limited public analysis, but the technical details confirm a classic reflected XSS scenario. Although no public exploits are known, the vulnerability could be leveraged for session hijacking, phishing, or delivering further malware payloads. The affected software is used primarily in astronomical imaging and research communities, which may include academic and research institutions across Europe.

For European organizations, the impact of CVE-2025-65572 can be significant, especially for academic, research, and scientific institutions using AllSky software for astronomical data collection and imaging. Successful exploitation could allow attackers to execute arbitrary scripts in the browsers of users accessing the allskySettings.php page, potentially leading to theft of session cookies, user credentials, or other sensitive information. This could facilitate unauthorized access to internal systems or data. Additionally, attackers could use the vulnerability to perform phishing attacks or distribute malware within trusted networks. The integrity of scientific data and the availability of imaging systems could be indirectly affected if attackers leverage the vulnerability to disrupt operations or gain footholds in networks. While the software’s niche usage limits the scope, organizations relying on AllSky for operational purposes should consider the risk high due to the ease of exploitation and potential for lateral movement within networks.

To mitigate CVE-2025-65572, organizations should immediately implement input validation and output encoding on the affected parameters (config, filename, extratext) within allskySettings.php and status_messages.php. Specifically, all user-supplied input must be sanitized to remove or encode HTML special characters before being rendered in error messages. Applying Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting script execution sources. Organizations should monitor for updates or patches from AllskyTeam and apply them promptly once available. In the interim, restricting access to the allskySettings.php page to trusted users and networks can reduce exposure. Security teams should also educate users about the risks of clicking on suspicious links and implement web application firewalls (WAFs) with rules to detect and block XSS attack patterns targeting these parameters. Regular security assessments and code reviews of custom or third-party software used in research environments are recommended to identify similar vulnerabilities.