CVE-2025-67493

HIGH

Homarr < 1.45.3 - Improper Input Validation

Title source: rule

Description

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

References (1)

[Vendor Advisory] https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q

Scores

CVSS v3 7.5

EPSS 0.0018

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-90 CWE-20

Status published

Products (1)

homarr/homarr < 1.45.3

Published Dec 17, 2025

Tracked Since Feb 18, 2026