PT-2025-47496 · Plex · Twonky Server

Published 2025-11-19 · Updated 2025-11-29 · CVE-2025-13315

CVSS v4.0: 9.3
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

Twonky Server version 8.5.2

Description

An unauthenticated attacker can bypass web service API authentication controls. This allows access to a log file containing the administrator's username and encrypted password. The affected software is Twonky Server version 8.5.2 running on Linux and Windows. The API authentication bypass allows unauthorized access to sensitive information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-13315

Affected Products

Twonky Server