cvelistv5 - cve-2025-67493

CVE-2025-67493 (GCVE-0-2025-67493)

Vulnerability from cvelistv5 – Published: 2025-12-17 21:09 – Updated: 2025-12-18 15:09

Title

Homarr issing input sanitization and possible privilege escalation through ldap search query injection

Summary

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

CWE

CWE-20 - Improper Input Validation
CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Assigner

GitHub_M

References

URL

Tags

https://github.com/homarr-labs/homarr/security/ad…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	homarr-labs	homarr	Affected: < 1.45.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-67493",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T14:56:10.125990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:09:27.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "homarr",
          "vendor": "homarr-labs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.45.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-90",
              "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-17T21:09:44.090Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q"
        }
      ],
      "source": {
        "advisory": "GHSA-59gp-q3xx-489q",
        "discovery": "UNKNOWN"
      },
      "title": "Homarr issing input sanitization and possible privilege escalation through ldap search query injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-67493",
    "datePublished": "2025-12-17T21:09:44.090Z",
    "dateReserved": "2025-12-08T18:49:47.487Z",
    "dateUpdated": "2025-12-18T15:09:27.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-67493\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-17T21:16:15.627\",\"lastModified\":\"2025-12-18T15:07:42.550\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-90\"}]}],\"references\":[{\"url\":\"https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Homarr issing input sanitization and possible privilege escalation through ldap search query injection\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-20\", \"lang\": \"en\", \"description\": \"CWE-20: Improper Input Validation\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-90\", \"lang\": \"en\", \"description\": \"CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"scope\": \"CHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q\"}], \"affected\": [{\"vendor\": \"homarr-labs\", \"product\": \"homarr\", \"versions\": [{\"version\": \"\u003c 1.45.3\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-17T21:09:44.090Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.\"}], \"source\": {\"advisory\": \"GHSA-59gp-q3xx-489q\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-67493\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-18T14:56:10.125990Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-18T14:56:12.208Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-67493\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-12-08T18:49:47.487Z\", \"datePublished\": \"2025-12-17T21:09:44.090Z\", \"dateUpdated\": \"2025-12-18T15:09:27.419Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-67493

Vulnerability from fkie_nvd - Published: 2025-12-17 21:16 - Updated: 2025-12-18 15:07

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L