PT-2025-29876 · Romm · Romm
Rilshrink
·
Published
2025-07-16
·
Updated
2025-07-17
·
CVE-2025-53908
CVSS v4.0
8.3
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
RomM versions prior to 3.10.3
RomM versions prior to 4.0.0-beta.3
Description
RomM, a self-hosted ROM manager and player, contains an authenticated path traversal issue in the
/api/raw endpoint. Any authenticated user, including an unprivileged one, can use it to read files outside the intended directory, which may leak passwords and other user data stored on the system. Multi-user deployments running an affected version are exposed.
Recommendations
Update to RomM version 3.10.3 or later.
Update to RomM version 4.0.0-beta.3 or later.
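The description above covers a classic containment failure: a user-supplied path is joined onto a library root without checking that the result still lies inside it. The following is an added illustration, not RomM's own code and not the patched endpoint; it is written in Python because RomM's backend is Python-based, but the library root, function names and sample requests are all hypothetical. It shows the vulnerable join pattern next to a resolve-and-contain check that rejects dot-dot traversal, absolute inputs and symlinks that point outside the root.

```python
import os
from pathlib import Path

# Hypothetical library root; a real deployment would take this from configuration.
LIBRARY_ROOT = "/srv/roms"


def naive_path(base: str, requested: str) -> str:
    """Vulnerable pattern: join the user-controlled value onto the base with no
    containment check. '../' segments and absolute inputs both escape the base."""
    return os.path.normpath(os.path.join(base, requested))


def safe_path(base: str, requested: str) -> Path:
    """Resolve `requested` under `base` and refuse anything that lands outside.

    resolve() follows symlinks and collapses '..', so both dot-dot traversal and
    a symlink inside the library that points outside it are rejected. Raises
    PermissionError on escape and ValueError on a NUL byte, which some lower-level
    file APIs would otherwise silently truncate on.
    """
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    base_dir = Path(base).resolve()
    # Note: Path("/srv/roms") / "/etc/passwd" yields "/etc/passwd"; an absolute
    # input discards the base entirely, which is why the check below is essential.
    candidate = (base_dir / requested).resolve()
    try:
        candidate.relative_to(base_dir)
    except ValueError:
        raise PermissionError(f"path escapes library root: {requested!r}") from None
    return candidate


def is_contained(base: str, requested: str) -> bool:
    """True if safe_path() would accept the input, False if it would reject it."""
    try:
        safe_path(base, requested)
        return True
    except (PermissionError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample inputs: the first is a legitimate request, the rest are
    # the kind of values an authenticated user could send to a raw-file endpoint
    # to read arbitrary files on the host.
    for req in ["snes/Chrono Trigger.sfc", "../../../etc/passwd",
                "/etc/shadow", "snes/../../.env"]:
        verdict = "accepted" if is_contained(LIBRARY_ROOT, req) else "rejected"
        print(f"{req!r:32} naive -> {naive_path(LIBRARY_ROOT, req)}")
        print(f"{'':32} safe  -> {verdict}")
```

The containment check has to run on the fully resolved path, not on the raw string: blocklisting "../" misses encoded or mixed-separator variants, while resolve() followed by relative_to() answers the only question that matters, whether the final target is under the root. The same check should be applied regardless of the caller's role, since the advisory notes that unprivileged accounts can reach the endpoint.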
Affected Products
Romm