Authenticated File Write Vulnerability in RomM Allows Remote Code Execution
CVE-2025-54071

9.4 CRITICAL

Key Information:

Vendor: Rommapp

Status: Vendor

CVE Published: 21 July 2025

What is CVE-2025-54071?

RomM (ROM Manager) versions 4.0.0-beta.3 and earlier contain a security vulnerability that allows authenticated users to perform arbitrary file write operations through the /api/saves endpoint. This can lead to remote code execution, since an attacker can create or modify files at any location in the filesystem using user-supplied content. Users with the viewer role or higher permissions may bypass authentication checks to exploit this vulnerability. The issue has been addressed in version 4.0.0-beta.4.

Affected Version(s)

romm < 4.0.0-beta.4

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved
