What is CVE-2025-22572?

A medium-severity Cross-site Scripting vulnerability exists in Brian Legacy ePlayer, impacting versions up to 0.9.9. Organizations should prioritize patching to mitigate risk from potential exploitation.

What is the severity of CVE-2025-22572?

CVE-2025-22572 has a severity rating of MEDIUM with a CVSS base score of 6.5.

CVE-2025-22572 | Medium Vulnerability in Brian Legacy ePlayer

This vulnerability allows improper neutralization of input during web page generation, leading to stored Cross-site Scripting (XSS) in the Brian Legacy ePlayer plugin for WordPress. Specifically, this issue affects versions from n/a through 0.9.9.

The CVSS score for this vulnerability is 6.5, classifying it as medium severity. This classification is significant as it highlights the potential impact and the need for organizations to act promptly. The XSS vulnerability can be exploited by attackers to execute malicious scripts in the context of the user's session, potentially leading to unauthorized access or data manipulation.

The vulnerability was published on January 7, 2025, and the status is currently marked as deferred. Organizations using affected versions of the Brian Legacy ePlayer should assess their systems for exposure and take necessary precautions.

Given the nature of this vulnerability, organizations should prioritize patching immediately to mitigate risks associated with potential exploitation. Failure to address this vulnerability could lead to significant security incidents.

For further details on this vulnerability, refer to the vendor's advisory published by Patchstack.

Vulnerability Details

The Cross-site Scripting vulnerability in the Brian Legacy ePlayer allows stored XSS, which can be exploited to execute scripts in the browser of users who visit compromised pages. The details include:

CVSS Score: 6.5 (Medium severity) Affected Versions: Legacy ePlayer up to 0.9.9 CWE Classification: CWE-79 (Improper Neutralization of Input During Web Page Generation) Publication Date: January 7, 2025

Technical Analysis

The root cause of this vulnerability lies in the inadequate sanitization of user input during the web page generation process. This leads to the potential execution of arbitrary scripts that can be stored and later executed in the context of another user's session.

The attack vector for this vulnerability is network-based, and the attack complexity is low, requiring minimal skills to exploit. Additionally, it requires low privileges and user interaction, as victims must visit the affected web pages. The impacts on confidentiality, integrity, and availability are all classified as low.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access, data theft, and loss of user trust. The blast radius could encompass all users of the affected plugin, making it critical for organizations to address this vulnerability promptly.

Given the CVSS score of 6.5 and the lack of known exploits, organizations should address this vulnerability in their priority patch cycle. The urgency is classified as medium, emphasizing the need for remediation but allowing some time for planning.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of the Legacy ePlayer plugin are all versions prior to the vendor patch, specifically versions n/a through 0.9.9.

Mitigation & Remediation

To mitigate this vulnerability, organizations should immediately apply the latest update for the Legacy ePlayer plugin. If a patch is not available, organizations should consider implementing the following workarounds:

1. Validate user inputs rigorously to prevent malicious scripts from being stored. 2. Employ Content Security Policy (CSP) to limit script execution contexts. 3. Monitor for suspicious activities that could indicate exploitation attempts.

For comprehensive guidance on security practices, organizations can refer to resources such as application security assessment and maintain a proactive security posture.

Detection Guidance

Organizations should monitor logs for unusual patterns or anomalies, particularly those indicating attempts to inject scripts. Behavior indicative of exploitation may include unexpected user inputs or changes to stored data that do not align with normal user activities.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability is notable as it highlights ongoing challenges with input validation in web applications. Security teams should learn from the patterns of this vulnerability to enhance their defenses against XSS attacks.

The trend of such vulnerabilities suggests that organizations need to prioritize comprehensive security reviews and robust testing methodologies. For best practices in security testing, organizations can explore resources on web application penetration testing to uncover similar weaknesses.

Additionally, it is crucial to integrate proactive measures and continuous assessments into the security strategy. Organizations should also consider engaging with professional services for red teaming to simulate attacks and evaluate the effectiveness of existing defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2026-7704	CVE-2026-7704: Low Vulnerability in AV Stumpfl Pixera Two Media Server	LOW	Path Traversal	May 3, 2026
CVE-2026-7703	CVE-2026-7703: Medium Vulnerability in AV Stumpfl Pixera Two Media Server	MEDIUM	Injection	May 3, 2026
CVE-2026-7702	CVE-2026-7702: Medium Vulnerability in toeverything AFFiNE	MEDIUM	Improper Authorization	May 3, 2026
CVE-2026-7701	CVE-2026-7701: Low Vulnerability in Telegram Desktop	LOW	Null Pointer Dereference	May 3, 2026
CVE-2026-7700	CVE-2026-7700: Low Vulnerability in langflow-ai langflow	LOW	Injection	May 3, 2026

CVE-2025-22572: Medium Vulnerability in Brian Legacy ePlayer