Authentication Bypass Vulnerability in BookLore Web App by BookLore
CVE-2025-62614

8.7 HIGH

Key Information:

CVE Published: 22 October 2025

What is CVE-2025-62614?

The BookLore web application contains an authentication bypass that lets unauthenticated users access book content. In versions 1.8.1 and earlier, the BookMediaController lacks access-control annotations, so unauthenticated requests can download book covers and complete PDF/CBX content, and the CoverJwtFilter does not stop the filter chain when no valid authentication token is present. This critical flaw lets an attacker enumerate and exfiltrate all book content, defeating the application's intended access controls. Patch details are available in the latest commit.
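An added illustration of the two defects described above, written as hypothetical Spring Security code and not BookLore's own: a token filter that stops the chain (rather than falling through) when no valid token is present, and a media endpoint that additionally requires an authenticated caller. It assumes a Spring Boot backend, a hypothetical JwtVerifier helper and an example route.

```java
// Hypothetical example (not BookLore's code). Assumes Spring Boot 3 / Spring Security 6.
package example;

import java.io.IOException;
import java.util.List;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical helper: returns the principal name or throws on an invalid token.
interface JwtVerifier { String verify(String token); }

public class CoverTokenFilter extends OncePerRequestFilter {
    private final JwtVerifier verifier;
    public CoverTokenFilter(JwtVerifier verifier) { this.verifier = verifier; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        String token = req.getParameter("token");
        if (token == null) {
            // Broken pattern: calling chain.doFilter() here lets the controller run with
            // no principal. Correct pattern: answer 401 and return without continuing.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            String user = verifier.verify(token);
            // Three-argument constructor marks the authentication as trusted.
            SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, null, List.of()));
        } catch (RuntimeException e) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // invalid token: do not continue the chain
        }
        chain.doFilter(req, res); // reached only with a verified token
    }
}

// Defense in depth: the endpoint itself demands an authenticated caller, so a
// missing or misordered filter alone cannot expose the file. Route is an example.
@RestController
class MediaController {
    @PreAuthorize("isAuthenticated()")
    @GetMapping("/media/{id}/cover")
    public byte[] cover(@PathVariable long id) { return new byte[0]; /* lookup omitted */ }
}
```

Method-level @PreAuthorize only takes effect when method security is enabled (@EnableMethodSecurity on a configuration class), which is worth verifying when auditing such controllers.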

Affected Version(s)

booklore <= 1.8.1

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published: 22 October 2025
  • Vulnerability reserved
