CVE-2025-67493

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

17/12/2025

Last modified:

18/12/2025

Description

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): Low

Base Score 3.x

7.50

Severity 3.x

HIGH

References to Advisories, Solutions, and Tools

https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q