Description

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3.

INFO

Published Date :

2025-08-12T20:52:41.789Z

Last Modified :

2025-08-13T20:01:53.112Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55165 vulnerability.

Vendors Products
Autocaliweb Project
  • Autocaliweb
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55165.

URL Resource
https://github.com/gelbphoenix/autocaliweb/commit/f455051f7c758ae8490186718b73e449f353b702 cve-icon cve-icon
https://github.com/gelbphoenix/autocaliweb/releases/tag/v0.8.3 cve-icon cve-icon
https://github.com/gelbphoenix/autocaliweb/security/advisories/GHSA-44vp-wgh9-9535 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact