CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25205 – Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
https://notcve.org/view.php?id=CVE-2025-25205
12 Feb 2025 — Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected... • https://github.com/advplyr/audiobookshelf/blob/1a3d70d04100924d41391acb55bd8ddca486a4fa/server/Auth.js#L17-L41 • CWE-202: Exposure of Sensitive Information Through Data Queries CWE-287: Improper Authentication CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43797 – Path Traversal in audiobookshelf
https://notcve.org/view.php?id=CVE-2024-43797
02 Sep 2024 — audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to write to any directory in the system can be seen as a form of path traversal. However, since it can be restricted to only admin permissions, fixing this is relatively simple and falls more into the realm of Rol... • https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gg56-vj58-g5mc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35236 – Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks
https://notcve.org/view.php?id=CVE-2024-35236
27 May 2024 — Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability... • https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •