CVE-2025-67493
LDAP Injection in Homarr Dashboard Enables Privilege Escalation

Publication date: 2025-12-17

Last updated on: 2025-12-17

Assigner: GitHub, Inc.

Description
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input that allowed privilege escalation and access to other users' groups, due to missing sanitization of inputs in the LDAP search query. The vulnerability could impact all instances using LDAP authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.
Meta Information
Generated: 2026-05-06
AI Q&A: 2025-12-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: homarr | Product: homarr | Version / Range: *
CWE
CWE-20: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-90: The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

This vulnerability in Homarr versions prior to 1.45.3 is due to missing input sanitization in LDAP search queries, which allows an attacker to perform LDAP injection. By crafting malicious inputs, an attacker with access to a user account can manipulate LDAP queries to escalate privileges and gain unauthorized access to groups of other users. The root cause is improper input validation and neutralization of special LDAP query elements. The issue is fixed in version 1.45.3 by validating inputs to exclude special characters and ensuring only one user matches the LDAP query. [1]
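As an added illustration of the mechanism and of the two-part fix described above (example code, not Homarr's own; the attribute names, the `LdapEntry` shape and the sample login are constructed):

```typescript
// Added example, not Homarr's code. Shows user input concatenated into an LDAP filter
// (the CWE-90 pattern) beside an RFC 4515-escaped version, plus an "exactly one match"
// guard before group memberships are used for authorization decisions.

interface LdapEntry {
  dn: string;
  uid: string;
  memberOf: string[];
}

// RFC 4515 section 3: these characters must be hex-escaped inside an assertion value,
// otherwise they alter the structure of the filter instead of being matched literally.
const FILTER_ESCAPES: Record<string, string> = {
  "\\": "\\5c",
  "*": "\\2a",
  "(": "\\28",
  ")": "\\29",
  "\u0000": "\\00",
};

function escapeLdapFilterValue(value: string): string {
  return Array.from(value, (ch) => FILTER_ESCAPES[ch] ?? ch).join("");
}

// Vulnerable shape: the login name is inserted verbatim, so any filter metacharacter
// it contains becomes part of the query grammar rather than part of the value.
function buildUserFilterUnsafe(username: string): string {
  return `(&(objectClass=person)(uid=${username}))`;
}

// Hardened shape: the value is escaped first, so the filter always means
// "uid equals exactly this string".
function buildUserFilterSafe(username: string): string {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(username)}))`;
}

// Second layer: even a well-formed filter must resolve to exactly one directory entry
// before that entry's groups are trusted; zero or several matches are a hard failure.
function selectSingleUser(results: LdapEntry[]): LdapEntry {
  if (results.length !== 1) {
    throw new Error(`expected exactly one LDAP user, got ${results.length}`);
  }
  return results[0];
}

// Constructed sample login containing characters the advisory calls out as special.
const sampleLogin = "a.smith (ext)*";
console.log(buildUserFilterSafe(sampleLogin)); // (&(objectClass=person)(uid=a.smith \28ext\29\2a))
```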


How can this vulnerability impact me?

This vulnerability can lead to privilege escalation and unauthorized access to other users' group information in Homarr instances using LDAP authentication. An attacker who has access to a user account can exploit this flaw to gain higher privileges and access sensitive information, potentially compromising confidentiality and integrity of the system. The impact includes high confidentiality and integrity risks, though availability impact is low. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves monitoring for unusual LDAP search queries that contain special characters or patterns indicative of LDAP injection attempts. Since the vulnerability arises from crafted inputs manipulating LDAP queries, inspecting LDAP logs for anomalous queries or unexpected group access patterns can help. Specific commands depend on your LDAP server and logging setup, but generally, you can use commands like 'ldapsearch' with filters to detect suspicious queries or review logs with tools like 'grep' to find LDAP queries containing special characters such as '*', '(', ')', or '\'. For example, on a system with access to LDAP logs, you might run: grep -E '\(|\)|\*' /var/log/ldap.log. However, no exact commands are provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to upgrade Homarr to version 1.45.3 or later, which includes a patch that properly sanitizes LDAP inputs to prevent injection. As a workaround, you can disable LDAP authentication entirely, though this will prevent login functionality. Ensuring that only trusted users have LDAP account access and monitoring for suspicious activity can also help reduce risk until the patch is applied. [1]

