Authenticated Path Traversal Vulnerability in RomM Self-Hosted ROM Manager
CVE-2025-53908
8.3 HIGH
What is CVE-2025-53908?
RomM, a self-hosted ROM manager, contains an authenticated path traversal vulnerability in its '/api/raw' endpoint. Installations running versions older than 3.10.3 and 4.0.0-beta.3 may expose sensitive information, such as passwords and user data, to unauthorized individuals. This flaw affects even non-privileged users, highlighting serious security risks in multi-user environments. Updating to the latest versions is crucial to mitigate this vulnerability and protect sensitive data.
Affected Version(s)
romm < 3.10.3
romm < 4.0.0-beta.3
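The version ranges above can be checked against a deployment inventory. This is an added example, not code from the RomM project: it compares version strings by SemVer 2.0.0 precedence so that prerelease tags such as beta.10 sort correctly. It assumes the second range applies only to 4.0.0 prereleases, and the inventory and host names are constructed.

```python
import re

# Fixed releases named in the advisory text above.
FIXED_3X = "3.10.3"
FIXED_4X_PRE = "4.0.0-beta.3"
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")

def parse(version):
    """Return ((major, minor, patch), prerelease identifiers) or raise ValueError."""
    m = _SEMVER.match(version.strip())
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    return core, tuple(m.group(4).split(".")) if m.group(4) else ()

def sort_key(version):
    """SemVer 2.0.0 precedence: a release outranks its own prereleases,
    and numeric prerelease identifiers sort below alphanumeric ones."""
    core, pre = parse(version)
    ids = tuple((0, int(i), "") if i.isdigit() else (1, 0, i) for i in pre)
    return core, 0 if pre else 1, ids

def is_affected(version):
    """True if version falls in a range the advisory lists as vulnerable."""
    core, pre = parse(version)
    key = sort_key(version)
    if key < sort_key(FIXED_3X):
        return True
    # Assumption: "< 4.0.0-beta.3" targets the 4.0.0 prerelease line only.
    return core == (4, 0, 0) and bool(pre) and key < sort_key(FIXED_4X_PRE)

def audit(inventory):
    """Map each host to 'affected', 'ok' or 'unknown' (unparseable tag)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "ok"
        except ValueError:
            report[host] = "unknown"  # floating tag: inspect the running build
    return report

# Constructed inventory; host names and versions are made up for illustration.
SAMPLE = {"romm-a": "3.10.2", "romm-b": "v3.10.3", "romm-c": "4.0.0-beta.2",
          "romm-d": "4.0.0-beta.10", "romm-e": "4.0.0", "romm-f": "latest"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown carry a tag that does not name a release, so the version of the running build has to be confirmed separately.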