Medium severity6.3OSV Advisory· Published Nov 24, 2025· Updated Apr 29, 2026

CVE-2025-13588

Description

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and could be used. Upgrading to version 2.8.1 is sufficient to resolve this issue. The patch is named c70bfb8d36b47bfd64c5ec73917e1d9ddb97af92. It is suggested to upgrade the affected component.

Affected products

Lkinderbueno/Streamity Xtream Iptv Web PlayerOSV
Range: 1.0, 1.1, 1.1F, …

Patches

c70bfb8d36b4

https://github.com/lkinderbueno/streamity-xtream-iptv-web-playervia osv

2b571d8109d6

https://github.com/lkinderbueno/streamity-xtream-iptv-web-playervia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000