CVE-2025-25205

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-25205
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25205.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-25205
Aliases
  • GHSA-pg8v-5jcv-wrvw
Published
2025-02-12T18:16:01.326Z
Modified
2025-12-05T08:53:21.687477Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Summary
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
Details

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue.
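
The following is an added illustration of the pattern-matching flaw described above, written for this record; it is not Audiobookshelf's own code, and the route allowlist, function names and simulated handler are assumptions. It contrasts an unanchored regex tested against the full request URL (query string included) with an anchored regex tested against the path component only, and shows why the first lets a request that should be rejected reach code that assumes an authenticated user.

```javascript
// Added illustration of the flaw described above; it is not Audiobookshelf's
// own code. The route allowlist and function names are assumptions.

// Hypothetical allowlist of routes that may be served without a session.
const PUBLIC_ROUTES = [
  {
    // Unanchored: matches anywhere inside the string it is tested against.
    unanchored: /\/api\/items\/[^/?]+\/cover/,
    // Anchored: the tested string must be exactly this path.
    anchored: /^\/api\/items\/[^/?]+\/cover$/,
  },
];

// Vulnerable variant: the unanchored pattern is tested against the raw
// request URL, which still carries the query string, so a query parameter
// that merely contains "/api/items/1/cover" satisfies the match.
function isPublicRouteVulnerable(originalUrl) {
  return PUBLIC_ROUTES.some((r) => r.unanchored.test(originalUrl));
}

// Hardened variant: drop the query string and require the anchored pattern
// to match the entire path component.
function isPublicRouteFixed(originalUrl) {
  const { pathname } = new URL(originalUrl, 'http://localhost');
  return PUBLIC_ROUTES.some((r) => r.anchored.test(pathname));
}

// Models an auth middleware followed by the router. `user` is null for an
// unauthenticated request. The router dispatches on the real path, so a
// request that fooled the middleware ends up in a protected handler that
// was written assuming req.user exists: the crash path the advisory names.
function simulateRequest(isPublicRoute, originalUrl, user) {
  if (!user && !isPublicRoute(originalUrl)) return 'rejected-401';
  const { pathname } = new URL(originalUrl, 'http://localhost');
  if (PUBLIC_ROUTES.some((r) => r.anchored.test(pathname))) return 'cover-served';
  try {
    return `protected-served-for-${user.id}`; // TypeError when user is null
  } catch (err) {
    return 'crash';
  }
}
```

The same defect appears with any allowlist regex that lacks `^`/`$` anchors or is matched against `req.originalUrl` rather than `req.path`; the fix is to do both, not one of them.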

Database specific
{
    "cwe_ids": [
        "CWE-202",
        "CWE-287",
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/25xxx/CVE-2025-25205.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/advplyr/audiobookshelf

Affected ranges

Type
GIT
Repo
https://github.com/advplyr/audiobookshelf
Events

Affected versions

v2.*

v2.17.0
v2.17.1
v2.17.2
v2.17.3
v2.17.4
v2.17.5
v2.17.6
v2.17.7
v2.18.0
v2.18.1
v2.19.0