Libretime CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-60427	1 Libretime	1 Libretime	2025-10-23	6.5 Medium
LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of station-wide metrics. This results in information disclosure to less privileged users.
CVE-2021-43685	1 Libretime	1 Libretime Hv	2024-11-21	9.8 Critical
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

Page 1 of 1.