CVE-2025-13316

Published Nov 19, 2025

Last updated 4 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-13316 affects Twonky Server 8.5.2 on Linux and Windows. It involves a cryptographic flaw related to the use of hard-coded cryptographic keys. An attacker who knows the encrypted administrator password can decrypt it using static keys. This allows the attacker to view the password in plain text and gain administrator-level access to the Twonky Server.

Description: Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.
Source: cve@rapid7.com
NVD status: Analyzed
Products: twonky_server

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.2
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cve@rapid7.com: CWE-321

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 7

QNAPとかで使っている人もいると思いますのでご注意を！ 🚨🚨🚨 CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED) https://t.co/wj3fj79MuR
@autumn_good_35
27 Nov 2025
2490 Impressions
6 Retweets
19 Likes
2 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lynxtechnology:twonky_server:8.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2600D3BC-B694-4D2E-959C-D52A8AC20D74"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.