Home

Description

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-17 | Updated 2025-12-18 | Assigner GitHub_M




HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

Problem types

CWE-20: Improper Input Validation

CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Product status

< 1.45.3
affected

References

github.com/...homarr/security/advisories/GHSA-59gp-q3xx-489q

cve.org (CVE-2025-67493)

nvd.nist.gov (CVE-2025-67493)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.