AI description
CVE-2025-13315 is an access control vulnerability found in Twonky Server 8.5.2 running on Linux and Windows. The vulnerability allows an unauthenticated attacker to bypass web service API authentication controls. This bypass can lead to the leakage of a log file, potentially revealing the administrator's username and encrypted password.
- Description: Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
- Source: cve@rapid7.com
- NVD status: Analyzed
- Products: twonky_server
CVSS 4.0
- Type: Secondary
- Base score: 9.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- cve@rapid7.com
- CWE-420
SECURITY ALERT: CVE-2025-13315 Exploit Fix & Mitigation Guide Read more: https://t.co/xn5N62JDEN #Cybersecurity #CVE https://t.co/kZPoQn1TKJ
@SecReportCVE
18 Dec 2025
🚨 Twonky Auth Bypass, RCEs, and RISC-V Reverse Shell Payloads disclosed in Metasploit Framework this week, including CVE-2025-13315 and CVE-2025-13316. #cybersecurity https://t.co/JLR8QUYCu7
@not2cleverdotme
6 Dec 2025
GitHub - Ashwesker/Blackash-CVE-2025-13315: CVE-2025-13315 - https://t.co/8g6aFik6Xs
@piedpiper1616
29 Nov 2025
Some people are probably using this on QNAP and similar devices, so be careful! 🚨🚨🚨 CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED) https://t.co/wj3fj79MuR
@autumn_good_35
27 Nov 2025
CVE-2025-13315 Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to le… https://t.co/6UoSNI1nbO
@CVEnew
20 Nov 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lynxtechnology:twonky_server:8.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2600D3BC-B694-4D2E-959C-D52A8AC20D74"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]