FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

navidrome -- transcoding permission bypass vulnerability

Affected packages
navidrome < 0.56.0

Details

VuXML ID 95480188-6ebc-11f0-8a78-bf201f293bce
Discovery 2025-05-29
Entry 2025-08-01

Deluan Quintão reports:

A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings.

[source]

References

CVE Name CVE-2025-48948
URL https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.