AI description
CVE-2025-13316 affects Twonky Server 8.5.2 on Linux and Windows. It involves a cryptographic flaw related to the use of hard-coded cryptographic keys. An attacker who knows the encrypted administrator password can decrypt it using static keys. This allows the attacker to view the password in plain text and gain administrator-level access to the Twonky Server.
- Description
- Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.
- Source
- cve@rapid7.com
- NVD status
- Analyzed
- Products
- twonky_server
CVSS 4.0
- Type
- Secondary
- Base score
- 8.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve@rapid7.com
- CWE-321
- Hype score
- Not currently trending
🚨 Twonky Auth Bypass, RCEs, and RISC-V Reverse Shell Payloads disclosed in Metasploit Framework this week, including CVE-2025-13315 and CVE-2025-13316. #cybersecurity https://t.co/JLR8QUYCu7
@not2cleverdotme
6 Dec 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
QNAPとかで使っている人もいると思いますのでご注意を! 🚨🚨🚨 CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED) https://t.co/wj3fj79MuR
@autumn_good_35
27 Nov 2025
2490 Impressions
6 Retweets
19 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lynxtechnology:twonky_server:8.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2600D3BC-B694-4D2E-959C-D52A8AC20D74"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]