PT-2025-27638 · Homebox · Homebox
Tankerkiller125
·
Published
2025-07-02
·
Updated
2025-07-02
·
CVE-2025-53108
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
HomeBox versions prior to 0.20.1
Description:
The issue is related to a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item attachments that they do not own, potentially leading to unauthorized data manipulation or loss of critical inventory data.
Recommendations:
For versions prior to 0.20.1, upgrade to version 0.20.1 to resolve the issue. As a temporary mitigation measure, consider restricting access to the API endpoints responsible for updating and deleting inventory item attachments until the upgrade is applied.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Homebox