ByteOS Network

Vulnerability Details :

CVE-2025-32012

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-15 Apr, 2025 | 20:08

Updated At-15 Apr, 2025 | 20:13

Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same local network as the Jellyfin server. Due to the method Jellyfin uses to determine the source IP of a request, an unauthenticated attacker is able to spoof their IP to appear as a LAN IP, allowing them to restart the Jellyfin server process without authentication. This means that an unauthenticated attacker could mount a denial-of-service attack on any default-configured Jellyfin server by simply sending the same spoofed request every few seconds to restart the server over and over. This method of IP spoofing also bypasses some security mechanisms, cause a denial-of-service attack, and possible bypass the admin restart requirement if combined with remote code execution. This issue is patched in version 10.10.7.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:15 Apr, 2025 | 20:08

Updated At:15 Apr, 2025 | 20:13

▼CVE Numbering Authority (CNA)

Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing

Affected Products

Vendor

jellyfin

Product

jellyfin

Versions

Affected

>= 10.9.0, < 10.10.7

Problem Types

Type	CWE ID	Description
CWE	CWE-290	CWE-290: Authentication Bypass by Spoofing

Type: CWE

CWE ID: CWE-290

Description: CWE-290: Authentication Bypass by Spoofing

Metrics

Version	Base score	Base severity	Vector
4.0	4.6	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Version: 4.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

References

Hyperlink	Resource
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-qcmf-gmhm-rfv9	x_refsource_CONFIRM
https://github.com/jellyfin/jellyfin/commit/f625665cb116a7e3feb8b79aaf1ed39a956e0585	x_refsource_MISC

Hyperlink: https://github.com/jellyfin/jellyfin/security/advisories/GHSA-qcmf-gmhm-rfv9

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/jellyfin/jellyfin/commit/f625665cb116a7e3feb8b79aaf1ed39a956e0585

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:15 Apr, 2025 | 20:15

Updated At:06 Oct, 2025 | 16:49

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.6	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 4.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

jellyfin>>jellyfin>>Versions from 10.9.0(inclusive) to 10.10.7(exclusive)

cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-290	Primary	security-advisories@github.com

CWE ID: CWE-290

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/jellyfin/jellyfin/commit/f625665cb116a7e3feb8b79aaf1ed39a956e0585	security-advisories@github.com	Patch
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-qcmf-gmhm-rfv9	security-advisories@github.com	Mitigation Vendor Advisory

Hyperlink: https://github.com/jellyfin/jellyfin/commit/f625665cb116a7e3feb8b79aaf1ed39a956e0585

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/jellyfin/jellyfin/security/advisories/GHSA-qcmf-gmhm-rfv9

Source: security-advisories@github.com

Resource:

Mitigation

Vendor Advisory

Similar CVEs

4Records found

CVE-2021-40288

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-1.96% / 83.17%

7 Day CHG~0.00%

Published-07 Dec, 2021 | 19:13

Updated-04 Aug, 2024 | 02:27

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

Vendor-n/a TP-Link Systems Inc.

Product-archer_ax10 archer_ax10_firmware n/a

CWE ID-CWE-290

Authentication Bypass by Spoofing

CVE-2021-41753

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-1.44% / 80.37%

7 Day CHG~0.00%

Published-27 Sep, 2021 | 16:22

Updated-04 Aug, 2024 | 03:15

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames.

Vendor-n/a D-Link Corporation

Product-dir-x1560_firmware dir-x6060_firmware dir-x1560 dir-x6060 n/a

CWE ID-CWE-290

Authentication Bypass by Spoofing

CVE-2021-34548

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.09% / 24.72%

7 Day CHG~0.00%

Published-29 Jun, 2021 | 11:00

Updated-04 Aug, 2024 | 00:12

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

Vendor-torproject n/a

Product-tor n/a

CWE ID-CWE-290

Authentication Bypass by Spoofing

CVE-2023-28452

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.04% / 12.43%

7 Day CHG~0.00%

Published-18 Sep, 2024 | 00:00

Updated-19 Mar, 2025 | 21:15

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.

Vendor-coredns.io n/a

Product-coredns n/a

CWE ID-CWE-290

Authentication Bypass by Spoofing

CVE-2025-32012

Credits

Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs