Vulnerability Details CVE-2025-63648
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.3%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-63648
-
cpe:2.3:a:owntone:owntone_server:-
-
cpe:2.3:a:owntone:owntone_server:0.10
-
cpe:2.3:a:owntone:owntone_server:0.11
-
cpe:2.3:a:owntone:owntone_server:0.12
-
cpe:2.3:a:owntone:owntone_server:0.19
-
cpe:2.3:a:owntone:owntone_server:20.0
-
cpe:2.3:a:owntone:owntone_server:21.0
-
cpe:2.3:a:owntone:owntone_server:22.0
-
cpe:2.3:a:owntone:owntone_server:22.1
-
cpe:2.3:a:owntone:owntone_server:22.2
-
cpe:2.3:a:owntone:owntone_server:22.3
-
cpe:2.3:a:owntone:owntone_server:23.0
-
cpe:2.3:a:owntone:owntone_server:23.1
-
cpe:2.3:a:owntone:owntone_server:23.2
-
cpe:2.3:a:owntone:owntone_server:23.3
-
cpe:2.3:a:owntone:owntone_server:23.4
-
cpe:2.3:a:owntone:owntone_server:24.0
-
cpe:2.3:a:owntone:owntone_server:24.1
-
cpe:2.3:a:owntone:owntone_server:24.2
-
cpe:2.3:a:owntone:owntone_server:25.0
-
cpe:2.3:a:owntone:owntone_server:26.0
-
cpe:2.3:a:owntone:owntone_server:26.1
-
cpe:2.3:a:owntone:owntone_server:26.2
-
cpe:2.3:a:owntone:owntone_server:26.3
-
cpe:2.3:a:owntone:owntone_server:26.4
-
cpe:2.3:a:owntone:owntone_server:26.5
-
cpe:2.3:a:owntone:owntone_server:27.0
-
cpe:2.3:a:owntone:owntone_server:27.1
-
cpe:2.3:a:owntone:owntone_server:27.2
-
cpe:2.3:a:owntone:owntone_server:27.3
-
cpe:2.3:a:owntone:owntone_server:27.4
-
cpe:2.3:a:owntone:owntone_server:28.0
-
cpe:2.3:a:owntone:owntone_server:28.1
-
cpe:2.3:a:owntone:owntone_server:28.10
-
cpe:2.3:a:owntone:owntone_server:28.11
-
cpe:2.3:a:owntone:owntone_server:28.12
-
cpe:2.3:a:owntone:owntone_server:28.2
-
cpe:2.3:a:owntone:owntone_server:28.3
-
cpe:2.3:a:owntone:owntone_server:28.4
-
cpe:2.3:a:owntone:owntone_server:28.5
-
cpe:2.3:a:owntone:owntone_server:28.6
-
cpe:2.3:a:owntone:owntone_server:28.7
-
cpe:2.3:a:owntone:owntone_server:28.8
-
cpe:2.3:a:owntone:owntone_server:28.9
-
cpe:2.3:a:owntone:owntone_server:29.0