CNNVD-202507-2709 Information

CNNVD ID

CNNVD-202507-2709

CVE-2025-54071

  • CNNVD Published: 2025-07-21

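Description (translated from Chinese)

RomM is an open-source ROM (read-only memory) manager developed by The RomM Project. RomM 4.0.0-beta.3 and earlier versions contain a code issue vulnerability. It stems from improper access control on the /api/saves endpoint and may lead to arbitrary file write and remote code execution.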

Description (English)

RomM is an open-source ROM (read-only memory) manager from The RomM Project. RomM 4.0.0-beta.3 and earlier versions have a code issue vulnerability caused by improper access control on the /api/saves endpoint, which could lead to arbitrary file write and remote code execution.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

The RomM Project

Published

2025-07-21

Last Modified

2026-02-24

References

https://github.com/rommapp/romm/commit/89248d03805e5fabca78443dd202ff32e0b4d9f3
https://github.com/rommapp/romm/security/advisories/GHSA-fgxf-hggc-qqmq

Patch

https://github.com/rommapp/romm/releases
