CVE-2025-13316

Summary

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

Affected Software

VendorProductVersion RangeStatus
LynxtechnologyTwonky Server8.5.2affected

Weaknesses

  • CWE-321: CWE-321: Use of Hard-coded Cryptographic Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References