CVE-2025-13315
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
82.4%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 11/19/2025
- Last Modified
- 12/2/2025
Frequently Asked Questions
What is CVE-2025-13315?
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Is CVE-2025-13315 actively exploited?
Active exploitation of CVE-2025-13315 has not been confirmed. The EPSS score is 82.4%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-13315?
CVE-2025-13315 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.
Is CVE-2025-13315 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.