PT-2025-47565 · Romm · Romm

Published 2025-11-20 · Updated 2025-12-03 · CVE-2025-65097

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: RomM versions prior to 4.4.1; RomM version 4.4.1-beta.2

Description: RomM (ROM Manager) is a tool that allows users to manage their game collections. An authenticated user can delete collections belonging to other users by sending a DELETE request to the collection endpoint, because no ownership verification is performed before a collection is deleted. The vulnerable API endpoint is '/collections' and the vulnerable parameter is the collection id.

Recommendations: Update RomM to version 4.4.1 or 4.4.1-beta.2.
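The pattern behind this finding, as an added illustration that is not RomM's own code: a constructed in-memory collection store with a delete handler that only checks authentication beside one that scopes the lookup to the requesting owner. Class and function names are assumptions for the example.

```python
from dataclasses import dataclass

@dataclass
class Collection:
    id: int
    owner_id: int
    name: str

class CollectionStore:
    """Stand-in for a collections table (constructed for this example)."""

    def __init__(self, collections):
        self._rows = {c.id: c for c in collections}

    def delete_vulnerable(self, collection_id, requester_id):
        # Mirrors the advisory: the handler verifies that a user is logged in
        # and that the row exists, but never compares owner to requester, so
        # any authenticated user can delete any collection by id (IDOR).
        if requester_id is None:
            raise PermissionError("authentication required")
        if collection_id not in self._rows:
            raise KeyError(collection_id)
        del self._rows[collection_id]

    def delete_fixed(self, collection_id, requester_id):
        # Ownership is part of the lookup itself, not a separate check that a
        # later refactor can drop. A collection that exists but belongs to
        # someone else is reported exactly like a missing one, so the endpoint
        # also does not leak which ids exist.
        if requester_id is None:
            raise PermissionError("authentication required")
        row = self._rows.get(collection_id)
        if row is None or row.owner_id != requester_id:
            raise KeyError(collection_id)
        del self._rows[collection_id]

    def ids(self):
        return sorted(self._rows)

def attempt(store, handler, collection_id, requester_id):
    """Run a delete handler and report the outcome as a string."""
    try:
        handler(store, collection_id, requester_id)
        return "deleted"
    except PermissionError:
        return "unauthenticated"
    except KeyError:
        return "not found"

def sample_store():
    # Constructed data: user 1 owns collection 1, user 2 owns collection 2.
    return CollectionStore([Collection(1, 1, "mine"), Collection(2, 2, "theirs")])
```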

Exploit · Fix

Improper Access Control · IDOR


Weakness Enumeration

Related Identifiers: CVE-2025-65097, GHSA-V7C8-F6XC-RV9G

Affected Products: Romm