Description

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue.

INFO

Published Date :

2025-02-12T18:16:01.326Z

Last Modified :

2025-02-13T14:14:25.849Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-25205 vulnerability.

Vendors Products
Audiobookshelf
  • Audiobookshelf
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25205.

URL Resource
https://github.com/advplyr/audiobookshelf/blob/1a3d70d04100924d41391acb55bd8ddca486a4fa/server/Auth.js#L17-L41 cve-icon cve-icon
https://github.com/advplyr/audiobookshelf/commit/bf8407274e3ee300af1927ee660d078a7a801e1c cve-icon cve-icon
https://github.com/advplyr/audiobookshelf/commit/ec6537656925a43871b07cfee12c9f383844d224 cve-icon cve-icon
https://github.com/advplyr/audiobookshelf/pull/3584 cve-icon cve-icon
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-pg8v-5jcv-wrvw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact