Home

Description

EN DE

A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vendor confirms this vulnerability but classifies it as a "low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account". It is planned to fix this issue in the next major release v5.

In Sonarr 4.0.15.2940 wurde eine Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei C:\ProgramData\Sonarr\bin\Sonarr.Console.exe der Komponente Service. Mit der Manipulation mit unbekannten Daten kann eine incorrect default permissions-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal möglich.

PUBLISHED Reserved 2025-11-13 | Published 2025-11-13 | Updated 2025-11-14 | Assigner VulDB




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C
HIGH: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C
6.8AV:L/AC:L/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:C

Problem types

Incorrect Default Permissions

Incorrect Privilege Assignment

Timeline

2025-11-13:Advisory disclosed
2025-11-13:VulDB entry created
2025-11-13:VulDB entry last update

Credits

lakshay12311 (VulDB User) reporter

References

vuldb.com/?id.332362 (VDB-332362 | Sonarr Service Sonarr.Console.exe default permission) vdb-entry

vuldb.com/?ctiid.332362 (VDB-332362 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.683894 (Submit #683894 | Sonarr 4.0.15.2940 Incorrect Default Permissions) third-party-advisory

github.com/lakshayyverma/CVE-Discovery/blob/main/Sonarr.md related

cve.org (CVE-2025-13131)

nvd.nist.gov (CVE-2025-13131)

Download JSON