PT-2025-51916 · Homarr · Homarr

Meierschlumpf · Published 2025-12-17 · Updated 2025-12-20 · CVE-2025-67493

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Homarr versions prior to 1.45.3

Description

Homarr dashboard versions before 1.45.3 contain a flaw that could allow privilege escalation and access to other users' groups. The cause is insufficient input sanitization within the LDAP search query. An attacker with access to a user account could potentially exploit this issue in instances that use LDAP authentication.

Recommendations

Update to version 1.45.3 or later.
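
For teams auditing their own LDAP integrations for the class of flaw described above, the following added example (not Homarr's code and not taken from its fix) escapes a user-supplied value per RFC 4515 before it is placed in a search filter, and shows that the filter keeps its structure. The filter shape, the attribute name and the sample value are assumptions made for illustration.

```javascript
// Added example; not Homarr's code. Filter shape and attribute names are assumptions.

// RFC 4515 section 3: these characters must be written as \XX hex escapes
// inside an assertion value.
const LDAP_FILTER_ESCAPES = {
  "\\": "\\5c",
  "*": "\\2a",
  "(": "\\28",
  ")": "\\29",
  "\u0000": "\\00",
};

function escapeLdapFilterValue(value) {
  if (typeof value !== "string") {
    throw new TypeError("LDAP filter value must be a string");
  }
  return value.replace(/[\\*()\u0000]/g, (ch) => LDAP_FILTER_ESCAPES[ch]);
}

// Attribute names normally come from configuration, but are still checked
// against the RFC 4512 short-name syntax before being interpolated.
function assertAttributeName(name) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(name)) {
    throw new Error(`invalid LDAP attribute name: ${name}`);
  }
  return name;
}

// Hypothetical group lookup filter: groups whose member attribute equals the user.
function buildGroupFilter(memberAttribute, userValue) {
  const attr = assertAttributeName(memberAttribute);
  return `(&(objectClass=group)(${attr}=${escapeLdapFilterValue(userValue)}))`;
}

// Same filter built by plain concatenation, kept only for comparison.
function buildGroupFilterUnescaped(memberAttribute, userValue) {
  return `(&(objectClass=group)(${memberAttribute}=${userValue}))`;
}

// Counts filter components by counting literal "(" characters. Escaped
// parentheses appear as \28 and so do not count.
function countFilterComponents(filter) {
  return (filter.match(/\(/g) || []).length;
}

// Constructed sample value containing filter metacharacters.
const SAMPLE_VALUE = "j*doe)(x=1";
```

A filter built with `buildGroupFilter` has the same number of components for the sample value as for a plain user name, while the concatenated version gains one.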

Related Identifiers

CVE-2025-67493
GHSA-59GP-Q3XX-489Q

Affected Products

Homarr