Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/14 6:23 p.m.9 views

CVE-2025-25205

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

8.2CVSS7.2AI score0.03999EPSS
Exploits2References1
Circl
Circl
added 2025/02/12 6:18 p.m.7 views

CVE-2025-25205

creationtimestamp| type| source ---|---|--- 2025-02-12 18:18:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113992291274845967 2025-02-12 19:15:54+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyv4n35zi2a 2025-02-12 20:48:42+00:00| seen|...

8.2CVSS5.7AI score0.03999EPSS
Exploits2References7
Cvelist
Cvelist
added 2025/02/12 6:16 p.m.27 views

CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

8.2CVSS0.03999EPSS
Exploits2References5
CVE
CVE
added 2025/02/12 6:16 p.m.126 views

CVE-2025-25205

CVE-2025-25205 affects Audiobookshelf (self-hosted server) versions 2.17.0 through 2.19.0. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored URL-regex patterns (e.g., r=/api/items/1/cover), enabling partial bypass of authentication and, on some ...

8.2CVSS8.3AI score0.03999EPSS
Exploits2References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/12 6:16 p.m.19 views

CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

8.2CVSS8.3AI score0.03999EPSS
Exploits2References5
Rows per page
Query Builder