CVE-2025-13130

HIGH

Radarr 5.28.0.10274 - Privilege Escalation

Title source: llm

Description

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?id.332361

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.332361

[Permissions Required, VDB Entry] https://vuldb.com/?submit.683876

[Various Sources] https://github.com/lakshayyverma/CVE-Discovery/blob/main/Radarr.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-266 CWE-276

Status published

Products (1)

n/a/Radarr 5.28.0.10274

Published Nov 13, 2025

Tracked Since Feb 18, 2026