CVE-2025-13315
CRITICAL EXPLOITED NUCLEITwonky Server Log Leak Authentication Bypass
Title source: metasploitExploitation Summary
CVE-2025-13315 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 2 public exploits from researchers including 0xBlackash, remmons-r7, including a Metasploit module auxiliary/gather/twonky_authbypass_logleak.
A Nuclei detection template is also available.
AI-analyzed exploit summary The repository contains a functional Python script that exploits CVE-2025-13315, an authentication bypass vulnerability in Twonky Server 8.5.2, allowing unauthenticated access to log files containing sensitive credentials. The script sends a GET request to the vulnerable endpoint and saves the leaked log for analysis.
Description
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Exploits (2)
The repository contains a functional Python script that exploits CVE-2025-13315, an authentication bypass vulnerability in Twonky Server 8.5.2, allowing unauthenticated access to log files containing sensitive credentials. The script sends a GET request to the vulnerable endpoint and saves the leaked log for analysis.
This Metasploit module exploits an authentication bypass (CVE-2025-13315) in Twonky Server 8.5.2 to leak encrypted administrator credentials from logs, then decrypts them using hardcoded keys (CVE-2025-13316). It confirms vulnerability, extracts credentials, and outputs plaintext credentials.
Nuclei Templates (1)
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H