Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Jan 20, 2026

CVE-2025-65229

Description

A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server <= 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output encoding on the Information (Player Info) tab, causing the script to execute in the context of any user viewing that page.

Affected products

Lyrion/Music Serverdescription
Lyrion/Music Serverllm-create
Range: <= 9.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-65229mitre
lyrion.orgmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000