Vulnerabilites related to rommapp - romm
CVE-2025-54071 (GCVE-0-2025-54071)
Vulnerability from cvelistv5
Published
2025-07-21 20:09
Modified
2025-07-22 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the system. The vulnerability permits arbitrary file write operations, allowing attackers to create or modify files at any filesystem location with user-supplied content. A user with viewer role or Scope.ASSETS_WRITE permission or above is required to pass authentication checks. The vulnerability is fixed in version 4.0.0-beta.4.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54071",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T19:54:49.283993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T19:55:01.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "romm",
"vendor": "rommapp",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0-beta.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the system. The vulnerability permits arbitrary file write operations, allowing attackers to create or modify files at any filesystem location with user-supplied content. A user with viewer role or Scope.ASSETS_WRITE permission or above is required to pass authentication checks. The vulnerability is fixed in version 4.0.0-beta.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:09:17.687Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rommapp/romm/security/advisories/GHSA-fgxf-hggc-qqmq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rommapp/romm/security/advisories/GHSA-fgxf-hggc-qqmq"
},
{
"name": "https://github.com/rommapp/romm/commit/89248d03805e5fabca78443dd202ff32e0b4d9f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/commit/89248d03805e5fabca78443dd202ff32e0b4d9f3"
}
],
"source": {
"advisory": "GHSA-fgxf-hggc-qqmq",
"discovery": "UNKNOWN"
},
"title": "RomM\u0027s authenticated arbitrary file write vulnerability can lead to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54071",
"datePublished": "2025-07-21T20:09:17.687Z",
"dateReserved": "2025-07-16T13:22:18.205Z",
"dateUpdated": "2025-07-22T19:55:01.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53908 (GCVE-0-2025-53908)
Vulnerability from cvelistv5
Published
2025-07-16 19:55
Modified
2025-07-18 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-26 - Path Traversal: '/dir/../filename'
Summary
RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53908",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T14:21:41.812165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T14:21:44.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "romm",
"vendor": "rommapp",
"versions": [
{
"status": "affected",
"version": "\u003c 3.10.3"
},
{
"status": "affected",
"version": "\u003c 4.0.0-beta.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk user in the official implementation, may be affected. This allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T19:55:31.608Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rommapp/romm/security/advisories/GHSA-fx9g-xw4j-jwc3"
},
{
"name": "https://github.com/rommapp/romm/commit/7c94cb05e74ddb6a6af7b82320686c01754e9966",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/commit/7c94cb05e74ddb6a6af7b82320686c01754e9966"
},
{
"name": "https://github.com/rommapp/romm/commit/baa1a9759079c36e36a9f10c920c46b57d0b6151",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/commit/baa1a9759079c36e36a9f10c920c46b57d0b6151"
},
{
"name": "https://github.com/rommapp/romm/blob/4.0.0-beta.2/backend/endpoints/raw.py#L31",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rommapp/romm/blob/4.0.0-beta.2/backend/endpoints/raw.py#L31"
}
],
"source": {
"advisory": "GHSA-fx9g-xw4j-jwc3",
"discovery": "UNKNOWN"
},
"title": "RomM vulnerable to Authenticated Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53908",
"datePublished": "2025-07-16T19:55:15.844Z",
"dateReserved": "2025-07-11T19:05:23.827Z",
"dateUpdated": "2025-07-18T14:21:44.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}