CNNVD-202512-3189 Information

CNNVD ID

CNNVD-202512-3189

Related CVE

CVE-2025-67493

• CNNVD Published: 2025-12-17

Description (Chinese)

homarr是Thomas Camlong个人开发者的一个可定制的浏览器主页，用于与主服务器的 Docker 容器进行交互。 homarr 1.45.3之前版本存在注入漏洞，该漏洞源于ldap搜索查询输入清理不足，可能导致权限提升和访问其他用户组。

Description (English)

Homarr is the home page of a custom browser for Thomas Camlong personal developer to interact with the Docker container on the main server. There is an injection loophole in the pre-homarr 1.45.3 version, which stems from the inadequate clearance of ldap search query input, which may lead to the upgrading of privileges and access to other user groups.

Hazard Level

Medium

Vulnerability Type

注入

Affected Vendor

个人开发者

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q https://access.redhat.com/security/cve/cve-2025-67493

Patch

https://homarr.dev/docs/category/installation-1