Twonky Server

2 CVEs product


CVE-2025-13316 | HIGH | This Week

Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the credential exposure vulnerability (CVE-2025-13315), this allows attackers to decrypt the admin password from the leaked log file and gain full administrative control of the media server.

Tags: Information Disclosure, Microsoft, Twonky Server, Windows
Source: NVD
CVSS 4.0: 8.2
EPSS: 72.7%

CVE-2025-13315 | CRITICAL | POC | THREAT | Act Now

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control.

Tags: Information Disclosure, Microsoft, Twonky Server, Windows
Source: NVD
CVSS 4.0: 9.3
EPSS: 82.4%
