CVE-2025-10669

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Airsonic-Advanced versions prior to 10.6.1

Description A vulnerability exists in Airsonic-Advanced up to version 10.6.0 within the Playlist Upload Handler component. Manipulation of the component allows for unrestricted file uploads, and the attack can be initiated remotely. The exploit is publicly available.

Recommendations Update Airsonic-Advanced to version 10.6.1 or later.

Exploit

Fix

Unrestricted File Upload

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-284

Related Identifiers

CVE-2025-10669

Affected Products

Airsonic-Advanced

CVE-2025-10669

Weakness Enumeration

Related Identifiers

Affected Products

References · 6