CNNVD-202508-2704 Information
CNNVD ID
CNNVD-202508-2704
Related CVE
- CNNVD Published: 2025-08-22
Description (Chinese)
Audiobookshelf是Audiobookshelf开源的一个自托管的有声读物和播客服务器。 Audiobookshelf 2.6.0至2.26.3版本存在安全漏洞,该漏洞源于OIDC认证中未限制重定向回调URL,可能导致账户接管。
Description (English)
Audiobookshelf is a self-hosted, audio-reader and podcast server from Audiobookshelf. There is a security loophole in Audiobookshelf, versions 2.6.0 to 2.26.3, which stems from the unrestricted re-direction of URLs in the ODS certification, which may lead to the account taking over.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Audiobookshelf
Published
2025-08-22
Last Modified
2026-02-24
References
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-vpc2-w73p-39px https://github.com/advplyr/audiobookshelf/commit/99a3867ce934b797e21e6ba5390d4b679e35f7cb https://access.redhat.com/security/cve/cve-2025-57800 https://nvd.nist.gov/vuln/detail/CVE-2025-57800
Patch
https://github.com/advplyr/audiobookshelf/releases
Share on: