Home > Vulnerability Database > CVE-2025-67493

Mend.io Vulnerability Database

CVE-2025-67493

Good to know:

Date: December 17, 2025

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

Severity Score

7.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67493

Url: https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q

Url: https://www.mend.io/vulnerability-database/CVE-2025-67493

Severity Score

7.5

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CWE-90

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version https://github.com/homarr-labs/homarr.git - v1.45.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67493

Good to know:

Date: December 17, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?