4 matches found
CVE-2025-27112
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
CVE-2025-27112
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
CVE-2025-27112 Navidrome has authentication bypass in Subsonic API with non-existent username
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
CVE-2025-27112
creationtimestamp| type| source ---|---|--- 2025-02-22 17:14:30+00:00| published-proof-of-concept| https://github.com/navidrome/navidrome/security/advisories/GHSA-c3p4-vm8f-386p 2025-02-24 19:22:21+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5207 2025-02-24...