Home

Description

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

PUBLISHED Reserved 2025-11-17 | Published 2025-11-19 | Updated 2025-11-19 | Assigner rapid7




HIGH: 8.2CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-321: Use of Hard-coded Cryptographic Key

Product status

Default status
unaffected

8.5.2
affected

Credits

Ryan Emmons, Staff Security Researcher at Rapid7 finder

References

www.rapid7.com/...ky-server-authentication-bypass-not-fixed/

cve.org (CVE-2025-13316)

nvd.nist.gov (CVE-2025-13316)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.