Vulnerability Details CVE-2025-13315
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.633
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-13315
-
cpe:2.3:a:lynxtechnology:twonky_server:8.5.2
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-