{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T17:43:38.097","vulnerabilities":[{"cve":{"id":"CVE-2025-25205","sourceIdentifier":"security-advisories@github.com","published":"2025-02-12T19:15:21.717","lastModified":"2025-07-03T00:58:22.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like \"\/api\/items\/1\/cover\" in a query parameter (?r=\/api\/items\/1\/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue."},{"lang":"es","value":"Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication-bypass logic allows unauthenticated requests to match certain unanchored regular-expression patterns in the URL. Attackers can craft URLs that contain substrings such as \"\/api\/items\/1\/cover\" in a query parameter (?r=\/api\/items\/1\/cover) to partially bypass authentication or cause server failures on certain routes. This could lead to disclosure of information that would otherwise be protected and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-202"},{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*","versionStartIncluding":"2.17.0","versionEndExcluding":"2.19.1","matchCriteriaId":"6BA2660E-DF78-436C-9A89-9BC33EE11B22"}]}]}],"references":[{"url":"https:\/\/github.com\/advplyr\/audiobookshelf\/blob\/1a3d70d04100924d41391acb55bd8ddca486a4fa\/server\/Auth.js#L17-L41","source":"security-advisories@github.com","tags":["Product"]},{"url":"https:\/\/github.com\/advplyr\/audiobookshelf\/commit\/bf8407274e3ee300af1927ee660d078a7a801e1c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https:\/\/github.com\/advplyr\/audiobookshelf\/commit\/ec6537656925a43871b07cfee12c9f383844d224","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https:\/\/github.com\/advplyr\/audiobookshelf\/pull\/3584","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https:\/\/github.com\/advplyr\/audiobookshelf\/security\/advisories\/GHSA-pg8v-5jcv-wrvw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}