CVE-2025-13315CRITICAL 9.8EPSS p98.1%

CVE-2025-13315CVE-2025-13315

Description

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS31.94% probability of exploitation · percentile 98.1% · 2026-06-18T12:00:27Z
Published2025-11-19
Last modified2025-12-02

Underlying weaknesses· 1

CWE-420

References

  1. https://www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed/

1

TypeTargetConfidenceTier
WeaknessUnprotected Alternate Channelcwe-4200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-13316
CVE
CVE-2025-11625
CVE
CVE-2025-40765
CVE
CVE-2025-1393
CVE
CVE-2025-32866
CVE
CVE-2025-53118
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.