CVE-2025-67493 · CRITICAL 9.0 · EPSS p16.9%

Description

Homarr is an open-source dashboard. Prior to version 1.45.3, a crafted input could be used to escalate privileges and gain access to the groups of other users, because inputs to the LDAP search query were not sanitized. The vulnerability could impact all instances using LDAP authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

Scoring

CVSS 3.1: 9.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.26% probability of exploitation · percentile 16.9% · 2026-06-18T12:00:27Z
Published: 2025-12-17
Last modified: 2026-01-30

Underlying weaknesses · 2

CWE-20, CWE-90

References

  1. https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q

Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 0% | live
Weakness | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (cwe-90) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-33510
  2. CVE-2025-48208
  3. CVE-2025-24456
  4. CVE-2025-63721
  5. CVE-2025-47631
  6. CVE-2025-7493

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.