Incorrect Default Permissions in Radarr Service Affecting Local Environments
CVE-2025-13130

8.5HIGH

Key Information:

Vendor

Radarr

Status
Radarr
Vendor
CVE Published:
13 November 2025

What is CVE-2025-13130?

A security issue has been identified in Radarr version 5.28.0.10274, specifically related to the Radarr.Service component. This vulnerability arises from incorrect default permissions assigned to Radarr.Console.exe located at C:\ProgramData\Radarr\bin. The flaw allows potential attackers with local access to the system to exploit these default permissions, posing a risk to the integrity of the service and users' data. Despite early notifications to the vendor regarding this vulnerability, no response has been received, emphasizing the need for immediate examination and remediation by users of this version.

Affected Version(s)

Radarr 5.28.0.10274

References

https://vuldb.com/?id.332361
vdb-entry
https://vuldb.com/?ctiid.332361
signaturepermissions-required
https://vuldb.com/?submit.683876
third-party-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lakshay12311 (VulDB User)
JSON
.
CVE-2025-13130 : Incorrect Default Permissions in Radarr Service Affecting Local Environments