CVE-2025-65096
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-03

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verification or checking if the collection is public/private before returning collection data. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-03
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2025-12-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65096
EUVD
EUVD-2025-201130
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
romm.app romm to 4.4.1 (exc)
romm.app romm 4.4.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in RomM (ROM Manager) versions prior to 4.4.1 and 4.4.1-beta.2 allows users to access private or smart collections of other users by directly using their collection IDs via the API. The system does not verify ownership or check whether the collection is public or private before returning the collection data, leading to unauthorized access.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of private game collections belonging to other users. This means sensitive or personal data stored in these collections could be exposed to unauthorized users, potentially compromising user privacy and trust.

Mitigation Strategies

Update RomM (ROM Manager) to version 4.4.1 or later, or to 4.4.1-beta.2 or later, as these versions contain the fix for this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65096. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart