CVE-2025-13315
Undergoing Analysis
Published: 19 Nov 2025, 18:15
Last modified: 19 Nov 2025, 19:14
Vulnerability Summary
Overall Risk: High Risk, 60/100 (AI Analysis)
Emergency: Requires Immediate Action
CVSS Score: 9.3 CRITICAL, CVSS v4.0 (CVE)
EPSS Score: 63.27% CRITICAL (63% probability)
CISA KEV: Not listed
Ransomware: No reports
Exploits: 1 found
Dark Web: Activity detected (Telegram)
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Source Identifier: cve@rapid7.com
| CVSS | Source | Severity | Exploitability | Impact | Vector |
|---|---|---|---|---|---|
| v4.0 | cve@rapid7.com | 9.3 CRITICAL | NA | NA | CVSS:4.0/AV:N/AC:L/AT:N/P... |
| v3.1 | n/a | | | | |
| v3.0 | n/a | | | | |
| v2.0 | n/a | | | | |
EPSS current score: 63.27%
EPSS percentile rank: 98%ile
CWE-420: Unprotected Alternate Channel
Description: The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
Not listed in CISA Known Exploited Vulnerabilities catalog.
Telegram Activity Detected
This vulnerability has been mentioned in monitored Telegram channels, indicating potential threat actor interest.
Metasploit auxiliary module (Verified)
Author: remmons-r7
Updated: 27 Nov 2025, 14:33
This module leverages an authentication bypass in Twonky Server 8.5.2. By exploiting
an authorization flaw to access a privileged web API endpoint and leak application logs,
encrypted administrator credentials are leaked (CVE-2025-13315). The exploit will then decrypt
these credentials using hardcoded keys (CVE-2025-13316) and log in as the administrator.
Expected module output is a username and plain text password for the administrator account.
CVE-2025-13315
CVE-2025-13316
rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/
No affected systems information available.