CVE-2025-13130
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-13
Assigner: VulDB
Description
Description
A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radarr | radarr | 5.28.0.10274 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Radarr 5.28.0.10274 involves an unknown function in the Service component that leads to incorrect default permissions being set. The issue can only be exploited locally, meaning an attacker must have local access to the system to perform the attack.
How can this vulnerability impact me? :
The vulnerability can lead to incorrect default permissions, which may allow a local attacker to gain unauthorized access or escalate privileges, potentially compromising confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70