Privilege Escalation Vulnerability in Homarr Dashboard by Homarr Labs
CVE-2025-67493
7.5 HIGH
What is CVE-2025-67493?
Homarr, an open-source dashboard application, does not properly sanitize user-supplied input that is placed into LDAP search queries, which allows privilege escalation. The flaw affects versions prior to 1.45.3: a malicious actor with user account access can perform unauthorized actions and gain access to the groups of other users. Version 1.45.3 fixes the input sanitization issue for instances using LDAP authentication.
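The bug class described above, shown as an added example that is not Homarr's code: an LDAP search filter built by string concatenation beside a version that escapes the value per RFC 4515 and allow-lists the attribute name. The filter shape, the attribute names, the function names and the sample username are assumptions constructed for illustration.

```javascript
// Added example, not Homarr's code. Filter shape and attribute names are assumed.

// RFC 4515, section 3: inside an assertion value these characters must be
// written as a backslash followed by two hex digits.
const FILTER_ESCAPES = { "\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00" };

function escapeFilterValue(value) {
  if (typeof value !== "string") throw new TypeError("filter value must be a string");
  return value.replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Attribute names cannot be escaped the same way, so they come from a fixed allow-list.
const ALLOWED_ATTRIBUTES = new Set(["uid", "cn", "mail", "sAMAccountName"]);

// Weak form: the username is pasted into the filter unchanged.
function buildUserFilterUnsafe(attribute, username) {
  return `(&(objectClass=person)(${attribute}=${username}))`;
}

// Hardened form: allow-listed attribute, escaped value.
function buildUserFilter(attribute, username) {
  if (!ALLOWED_ATTRIBUTES.has(attribute)) throw new Error(`attribute not allowed: ${attribute}`);
  return `(&(objectClass=person)(${attribute}=${escapeFilterValue(username)}))`;
}

// Structural check: every literal "(" opens a filter component. An escaped
// parenthesis is written \28, so it does not count.
function countFilterComponents(filter) {
  return (filter.match(/\(/g) || []).length;
}

// Constructed sample input containing filter metacharacters.
const SAMPLE_USERNAME = "jdoe)(cn=*";

console.log(buildUserFilterUnsafe("uid", SAMPLE_USERNAME)); // value changes the filter's structure
console.log(buildUserFilter("uid", SAMPLE_USERNAME));       // value stays one assertion
```

A component count that differs between the template and the built filter is a cheap regression test for any code path that assembles LDAP filters from request data.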
Affected Version(s)
homarr < 1.45.3
