Unrestricted File Upload Flaws in RomM by Rom Manager

CVE-2025-65027

What is CVE-2025-65027?

RomM, developed by Rom Manager, provides users the ability to manage and enjoy their game collections seamlessly. However, it contains significant vulnerabilities allowing authenticated users to upload malicious SVG or HTML files without proper restrictions. This can lead to stored Cross-Site Scripting (XSS) when such files are accessed by other users due to the execution of embedded JavaScript in their browsers. Moreover, when this XSS vulnerability is exploited in conjunction with a Cross-Site Request Forgery (CSRF) misconfiguration, it opens the door for attackers to completely compromise administrative accounts, potentially leading to the creation of rogue admin accounts and unauthorized escalation of user privileges. The vulnerabilities have been addressed in versions 4.4.1 and 4.4.1-beta.2.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References