Skip to main content

HomeBox CVE-2025-53108

| EUVDEUVD-2025-19731 MEDIUM
Missing Authorization (CWE-862)
2025-07-02 security-advisories@github.com
5.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
0.20.1
EUVD ID Assigned
Mar 16, 2026 - 01:55 euvd
EUVD-2025-19731
Analysis Generated
Mar 16, 2026 - 01:55 vuln.today
CVE Published
Jul 02, 2025 - 15:15 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item attachments that they do not own. This issue could lead to unauthorized data manipulation or loss of critical inventory data. This issue has been patched in version 0.20.1. There are no workarounds, users must upgrade.

AnalysisAI

A security vulnerability in HomeBox (CVSS 5.3) that allows authenticated users. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-862 (Missing Authorization). Affects HomeBox.

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2025-53108 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy