CVE-2025-67493

Homarr issing input sanitization and possible privilege escalation through ldap search query injection

Description

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

INFO

Published Date :

2025-12-17T21:09:44.090Z

Last Modified :

2025-12-18T15:09:27.419Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-67493 vulnerability.

Vendors	Products
Homarr-labs	Homarr

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67493.

URL	Resource
https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact