PT-2025-31882 · Unknown · Trilium Notes
Mrdgef · Published 2025-08-05 · Updated 2025-08-10
CVE-2025-53544
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Trilium Notes versions prior to 0.97.0
Description
Trilium Notes is a cross-platform hierarchical note-taking application. A brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The application is single-user and does not require a username. Because it offers features such as multi-factor authentication and note sharing, the application may be exposed to the internet.
Recommendations
Update to version 0.97.0 or later.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts (CWE-307)
Affected Products
Trilium Notes