CNNVD-202512-341 Information

CNNVD ID

CNNVD-202512-341

Related CVE

CVE-2025-65027

• CNNVD Published: 2025-12-03

Description (Chinese)

Romm是The RomM Project开源的一款美观、强大、可自托管的 ROM 管理器和播放器。 Romm 4.4.1之前版本和4.4.1-beta.2之前版本存在代码问题漏洞，该漏洞源于存在多个不受限制的文件上传，可能导致存储型跨站脚本和账户接管。

Description (English)

Romm is an aesthetic, powerful, self-serving ROM manager and player for The RomM Project Open Source. There is a code problem loophole in previous versions of Romm 4.4.1 and 4.4.1-beta.2, which stems from the existence of numerous unrestricted document uploads, which may lead to storage-type cross-site scripts and account takeovers.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

The RomM Project

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/rommapp/romm/security/advisories/GHSA-v3c6-w996-f7hx https://access.redhat.com/security/cve/cve-2025-65027

Patch

https://github.com/rommapp/romm/releases