ByteOS Network

homarr

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-67493

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.5||HIGH

EPSS-0.10% / 28.67%

7 Day CHG~0.00%

Published-17 Dec, 2025 | 21:09

Updated-30 Jan, 2026 | 18:32

Homarr issing input sanitization and possible privilege escalation through ldap search query injection

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue.

Vendor-homarr homarr-labs

Product-homarr homarr

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CVE-2025-54313

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-4.59% / 88.99%

7 Day CHG+0.52%

Published-19 Jul, 2025 | 00:00

Updated-23 Jan, 2026 | 18:33

Known KEV||Action Due Date - 2026-02-12||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Vendor-prettier un-ts homarr alexghr prettier Prettier Microsoft Corporation

Product-homarr got-fetch eslint-config-prettier pkgr\/core windows eslint-plugin-prettier napi-postinstall synckit eslint-config-prettier eslint-config-prettier

CWE ID-CWE-506

Embedded Malicious Code