Executive Summary

Informations
Name CVE-2025-53908 First vendor Publication 2025-07-16
Vendor Cve Last vendor Modification 2025-07-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53908

Sources (Detail)

https://github.com/rommapp/romm/blob/4.0.0-beta.2/backend/endpoints/raw.py#L31
https://github.com/rommapp/romm/commit/7c94cb05e74ddb6a6af7b82320686c01754e9966
https://github.com/rommapp/romm/commit/baa1a9759079c36e36a9f10c920c46b57d0b6151
https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-07-18 21:20:36
  • Multiple Updates
2025-07-17 00:20:33
  • First insertion