6 matches found
VulnCheck KEV: CVE-2025-13315
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...
Metasploit Wrap-Up 12/05/2025
Twonky Auth Bypass, RCEs and RISC-V Reverse Shell Payloads: This was another fantastic week in terms of PR contribution to the Metasploit Framework. Rapid7’s very own Ryan Emmons recently disclosed CVE-2025-13315 and CVE-2025-13316 which exist in Twonky Server and allow decrypting admin credential...
Twonky Server Log Leak Authentication Bypass
This module leverages an authentication bypass in Twonky Server 8.5.2. By exploiting an authorization flaw to access a privileged web API endpoint and leak application logs, the module obtains encrypted administrator credentials (CVE-2025-13315). The exploit will then decrypt these credentials using...
CVE-2025-13315
creationtimestamp | type | source
---|---|---
2025-11-19 19:02:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5ywwughfc2b
2025-11-20 00:03:05+00:00 | seen | https://infosec.exchange/users/offseq/statuses/115579091938611219
2025-11-20 00:03:06+00:00 | seen | ...
Oracle Linux 8 : gdk-pixbuf2 (ELSA-2025-13315)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-13315 advisory.
- Backport fixes for CVE-2025-7345
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
RHEL 8 : gdk-pixbuf2 (RHSA-2025:13315)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13315 advisory. The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits suc...