Detections
Analytics

CVE-2025-10669

medium

Description

A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used.

References

https://vuldb.com/?submit.652356

https://vuldb.com/?id.324790

https://vuldb.com/?ctiid.324790

https://github.com/mikecole-mg/security_findings/blob/main/airsonic-advanced/airsonic-rce.md

Details

Source: Mitre, NVD

Published: 2025-09-18

Updated: 2025-09-19

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00034