Local Access Permission Issues in Sonarr by Sonarr
CVE-2025-13131

8.5HIGH

Key Information:

Vendor

Sonarr

Status
Sonarr
Vendor
CVE Published:
13 November 2025

What is CVE-2025-13131?

A local access vulnerability has been identified in Sonarr versions up to 4.0.15.2940, specifically affecting the permissions of the Sonarr.Console.exe component. This vulnerability arises from improper default permissions settings within the service, allowing a user with local access to manipulate permissions. Although accessing this vulnerability requires local credentials, which limits the potential for external exploitation, it highlights the need for careful service user configurations. The vendor is planning to address this issue in the upcoming major release, version 5.

Affected Version(s)

Sonarr 4.0.15.2940

References

https://vuldb.com/?id.332362
vdb-entry
https://vuldb.com/?ctiid.332362
signaturepermissions-required
https://vuldb.com/?submit.683894
third-party-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lakshay12311 (VulDB User)
JSON
.
CVE-2025-13131 : Local Access Permission Issues in Sonarr by Sonarr