PT-2025-48208 · Pypi+1 · Spotipy+1

Published

2025-11-26

·

Updated

2025-11-27

·

CVE-2025-66040

CVSS v3.1

3.6

Low

Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Spotipy versions prior to 2.25.2

Description

Spotipy is a Python library used for interacting with the Spotify Web API. A flaw exists in the OAuth callback server that permits JavaScript injection through an unsanitized error parameter, leading to a cross-site scripting (XSS) condition. Successful exploitation allows attackers to execute arbitrary JavaScript code within the user's browser during the OAuth authentication process.

Recommendations

Update Spotipy to version 2.25.2 or later.
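To make the described pattern concrete, here is an added illustrative example (not Spotipy's code, which this record does not show): a local OAuth callback page renderer that echoes the `error` query parameter raw, beside a hardened variant that HTML-escapes it. The sample callback URL and all function names are constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample callback URL: the authorization server redirects the
# browser to the local listener with an `error` parameter. If that redirect
# can be influenced, the parameter value is attacker-controlled.
SAMPLE_CALLBACK = (
    "http://127.0.0.1:8080/?error="
    "%3Cscript%3Edocument.title%3D%27x%27%3C%2Fscript%3E"
)


def error_param(url: str) -> str:
    """Return the decoded `error` query parameter of a callback URL ('' if absent)."""
    query = parse_qs(urlsplit(url).query)
    return query.get("error", [""])[0]


def render_unsafe(url: str) -> str:
    """The flawed pattern: the parameter is interpolated into the HTML as-is,
    so any markup in it becomes part of the page the browser executes."""
    return f"<html><body><h1>Login failed</h1><p>{error_param(url)}</p></body></html>"


def render_hardened(url: str) -> str:
    """The fix pattern: HTML-escape the parameter so '<', '>', '&' and quotes
    render as literal text instead of being parsed as markup."""
    safe = html.escape(error_param(url), quote=True)
    return f"<html><body><h1>Login failed</h1><p>{safe}</p></body></html>"


def contains_script_tag(page: str) -> bool:
    """Detection helper: does the rendered page contain a live <script> element?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe page has script tag:  ", contains_script_tag(render_unsafe(SAMPLE_CALLBACK)))
    print("hardened page has script tag:", contains_script_tag(render_hardened(SAMPLE_CALLBACK)))
```

The same escaping applies to every other attacker-influenced field echoed by the callback page (for example an `error_description` parameter), and a restrictive `Content-Security-Policy` response header on the callback page is a useful second layer.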

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-66040
GHSA-R77H-RPP9-W2XM
OPENSUSE-SU-2025:15777-1

Affected Products

Debian
Spotipy