SUSE CVE-2025-48948

Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating,...

Permission Verification Flaw

github.com/navidrome/navidrome is vulnerable to a permission verification flaw. The vulnerability is due to insufficient permission verification, allowing regular authenticated users to perform administrator-only transcoding configuration operations...

CVE-2025-48948

Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating,...

Navidrome Transcoding Permission Bypass Vulnerability Report

Summary A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. Details Navidrome supports transcoding...