CVE-2025-67493

Published Dec 17, 2025

Last updated a month ago

CVSS high 7.5

Overview

Description: Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.
Source: security-advisories@github.com
NVD status: Analyzed
Products: homarr

Risk scores

CVSS 3.1

Type: Primary
Base score: 9
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-20

Hype score: Not currently trending

CVE-2025-67493 Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of othe… https://t.co/CEYMMBIpI3
@CVEnew
20 Dec 2025
197 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:homarr:homarr:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CC064DC6-491E-4B5B-9D5F-75126BC6EB5C",
            "versionEndExcluding": "1.45.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References