Buffer Overflow Vulnerability in Owntone Server by Owntone
CVE-2025-44560

9.8CRITICAL

Key Information:

Vendor: Owntone
Status: Owntone Server
Vendor: CVE Published:; 10 April 2026

What is CVE-2025-44560?

The Owntone Server version 2ca10d9 is susceptible to a buffer overflow vulnerability caused by inadequate recursive checking. This flaw may allow an attacker to exploit the server, potentially leading to unauthorized access or remote code execution. It is crucial for users to update to the latest version where this vulnerability has been addressed to ensure the stability and security of their systems. For more details, refer to the GitHub issue and Gist.

References

https://github.com/owntone/owntone-server/issues/1873

https://gist.github.com/wenwenyuyu/517851c3fe38c4f97b2d19...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 22, 2025

CVE-2025-44560 Data

JSON