Description

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. Trilium is a single-user app without a username requirement, and brute-force protection bypass makes exploitation much more feasible. Multiple features provided by Trilium (e.g. MFA, share notes, custom request handler) indicate that Trilium can be exposed to the internet. This is fixed in version 0.97.0.

INFO

Published Date :

2025-08-05T00:14:33.857Z

Last Modified :

2025-08-05T13:55:55.320Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53544 vulnerability.

Vendors Products
Trilium Project
  • Trilium
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53544.

URL Resource
https://github.com/TriliumNext/Trilium/pull/6243/commits/04c8f8a1234e8c9f4a87da187180375227b21223 cve-icon cve-icon
https://github.com/TriliumNext/Trilium/releases/tag/v0.97.0 cve-icon cve-icon
https://github.com/TriliumNext/Trilium/security/advisories/GHSA-hw5p-ff75-327r cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact