5 matches found
CVE-2025-25205
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...
CVE-2025-25205
creationtimestamp| type| source ---|---|--- 2025-02-12 18:18:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113992291274845967 2025-02-12 19:15:54+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyv4n35zi2a 2025-02-12 20:48:42+00:00| seen|...
CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...
CVE-2025-25205
CVE-2025-25205 affects Audiobookshelf (self-hosted server) versions 2.17.0 through 2.19.0. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored URL-regex patterns (e.g., r=/api/items/1/cover), enabling partial bypass of authentication and, on some ...
CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...