AI description
CVE-2025-13315 is an access control vulnerability found in Twonky Server 8.5.2 running on Linux and Windows. The vulnerability allows an unauthenticated attacker to bypass web service API authentication controls. This bypass can lead to the leakage of a log file, potentially revealing the administrator's username and encrypted password.
- Description
- Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
- Source
- cve@rapid7.com
- NVD status
- Undergoing Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cve@rapid7.com
- CWE-420
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
GitHub - Ashwesker/Blackash-CVE-2025-13315: CVE-2025-13315 - https://t.co/8g6aFik6Xs
@piedpiper1616
29 Nov 2025
1272 Impressions
3 Retweets
14 Likes
6 Bookmarks
1 Reply
0 Quotes
QNAPとかで使っている人もいると思いますのでご注意を! 🚨🚨🚨 CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED) https://t.co/wj3fj79MuR
@autumn_good_35
27 Nov 2025
2490 Impressions
6 Retweets
19 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-13315 Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to le… https://t.co/6UoSNI1nbO
@CVEnew
20 Nov 2025
190 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes