PT-2025-47564 · Romm · Romm

Published

2025-11-20

·

Updated

2025-12-03

·

CVE-2025-65096

CVSS v4.0

5.3

Medium

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: RomM versions prior to 4.4.1 (the fix is also available as the pre-release build 4.4.1-beta.2).
Description: RomM (ROM Manager) lets users manage their game collections through a web interface backed by an API. The API handler that returns a collection looks it up by its ID only: it verifies neither that the requesting user owns the collection nor that the collection has been marked public before returning its data. An authenticated user (PR:L in the vector) who knows or guesses the ID of another user's private or smart collection can therefore read it, a classic insecure direct object reference. The advisory does not name the affected endpoint; the vulnerable parameter is the collection ID.
Recommendations: Update RomM to version 4.4.1 or 4.4.1-beta.2. To confirm the fix, log in as a low-privileged account and request the ID of another user's private collection: the API must no longer return its contents.
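The bug class described above, as an added illustration that is not RomM's code and does not use RomM's models or routes: a lookup that trusts the collection ID alone, next to a hardened lookup that checks ownership and visibility on every read. The user and collection records, the field names (owner_id, is_public, is_smart), the NotFound exception and the enumerate_ids probe are all constructed for this example.

```python
"""Constructed model of an IDOR on a collections lookup (not RomM's code):
the vulnerable handler fetches by ID only; the fixed one also authorizes."""
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class User:
    id: int
    username: str


@dataclass(frozen=True)
class Collection:
    id: int
    owner_id: int
    name: str
    is_public: bool
    is_smart: bool = False  # filter-based "smart" collections get the same rule


class NotFound(Exception):
    """Would map to HTTP 404 in an API layer."""


# Constructed sample data (assumption: small sequential integer IDs, which is
# exactly what makes a missing ownership check trivially enumerable).
USERS = {1: User(1, "alice"), 2: User(2, "bob")}
COLLECTIONS = {
    10: Collection(10, owner_id=1, name="alice-favourites", is_public=False),
    11: Collection(11, owner_id=1, name="alice-shared", is_public=True),
    12: Collection(12, owner_id=2, name="bob-private", is_public=False),
    13: Collection(13, owner_id=2, name="bob-unplayed", is_public=False, is_smart=True),
    14: Collection(14, owner_id=2, name="bob-shared", is_public=True),
}


def get_collection_vulnerable(collection_id: int, requester: User) -> Collection:
    """Vulnerable pattern: the caller is authenticated but never consulted,
    so any logged-in user can read any collection whose ID they guess."""
    collection = COLLECTIONS.get(collection_id)
    if collection is None:
        raise NotFound(collection_id)
    return collection


def can_view(collection: Collection, requester: User) -> bool:
    """Authorization predicate: the owner, or anyone if the collection is public."""
    return collection.is_public or collection.owner_id == requester.id


def get_collection_fixed(collection_id: int, requester: User) -> Collection:
    """Hardened lookup: authorization is evaluated on every read. A private
    collection the requester may not see is reported as NotFound rather than
    Forbidden, so the response does not confirm that the ID exists."""
    collection = COLLECTIONS.get(collection_id)
    if collection is None or not can_view(collection, requester):
        raise NotFound(collection_id)
    return collection


def is_visible(collection_id: int, requester: User) -> bool:
    """True if the hardened lookup lets `requester` read `collection_id`."""
    try:
        get_collection_fixed(collection_id, requester)
        return True
    except NotFound:
        return False


def enumerate_ids(lookup: Callable[[int, User], Collection], requester: User,
                  id_range: Iterable[int] = range(0, 32)) -> List[str]:
    """What an IDOR probe looks like: walk an ID range as one user and collect
    the names of private collections that belong to somebody else."""
    leaked = []
    for cid in id_range:
        try:
            c = lookup(cid, requester)
        except NotFound:
            continue
        if c.owner_id != requester.id and not c.is_public:
            leaked.append(c.name)
    return leaked


if __name__ == "__main__":
    alice = USERS[1]
    print("vulnerable:", enumerate_ids(get_collection_vulnerable, alice))
    print("fixed:     ", enumerate_ids(get_collection_fixed, alice))
```

Run as alice, the vulnerable lookup leaks bob's private regular and smart collections while the fixed lookup leaks nothing and still serves alice her own collections and bob's public one. Two design points carry over to any real fix: put the check in the read path itself (handler or service layer), not only in the list endpoint, since the ID can be supplied directly; and answer an unauthorized private ID with 404, not 403, so the endpoint cannot be used to confirm which IDs exist.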

Exploit

Fix

Weakness Enumeration

Improper Access Control
IDOR

Related Identifiers

CVE-2025-65096
GHSA-5GHC-8WR3-788C

Affected Products

Romm