CVE-2025-13315

Summary

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.

Affected Software

VendorProductVersion RangeStatus
LynxtechnologyTwonky Server8.5.2affected

Weaknesses

  • CWE-420: CWE-420: Unprotected Alternate Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References