CVE-2025-65096
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-65096, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-03

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verification or checking if the collection is public/private before returning collection data. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-03
Last Modified
2026-02-24
Generated
2026-07-07
AI Q&A
2025-12-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
romm.app romm to 4.4.1 (exc)
romm.app romm 4.4.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in RomM (ROM Manager) versions prior to 4.4.1 and 4.4.1-beta.2 allows users to access private or smart collections of other users by directly using their collection IDs via the API. The system does not verify ownership or check whether the collection is public or private before returning the collection data, leading to unauthorized access.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of private game collections belonging to other users. This means sensitive or personal data stored in these collections could be exposed to unauthorized users, potentially compromising user privacy and trust.

Mitigation Strategies

Update RomM (ROM Manager) to version 4.4.1 or later, or to 4.4.1-beta.2 or later, as these versions contain the fix for this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65096. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart