Share
## https://sploitus.com/exploit?id=7F137FD6-AE20-535F-816D-12B26E6C8A40
# 🚨 CVE-2025-13315: Authentication Bypass Alert

![Critical Twonky Server Flaws Let Hackers Bypass Login Protection (1)](https://github.com/user-attachments/assets/043099e5-17bf-4477-ae26-920c4d72426b)

## πŸ” Overview

**CVE-2025-13315** is a **critical authentication-bypass vulnerability** in **Twonky Server 8.5.2** (Linux & Windows).
A hidden alternative routing path allows access to protected API endpoints **without logging in**.

---

## 🚨 Severity

**CVSS Score: 9.3 β€” Critical**

### What an attacker can do:

* Access certain `/nmc/rpc/` web API endpoints **without authentication**
* Download log files containing:

  * **Admin username**
  * **Encrypted admin password**
* Combine this issue with CVE-2025-13316 to **decrypt the password** (due to hard-coded crypto keys)
* Gain **full administrative control** of the server


### How to Use (Tested & Confirmed Working)

```
# Install dependency
pip3 install requests cryptography

# Run the PoC
sudo python3 CVE-2025-13315.py http://192.168.1.50:9000
```

### Example Real Output (on a vulnerable NAS):

```
[+] SUCCESS! Plaintext credentials recovered:
    Username: admin
    Password: MySecretAdminPass123!
```

---

## 🧩 Why It Matters

* Fully remote
* No credentials or user interaction required
* Easy to exploit
* Vendor issued *no patch* and stated a fix is not planned
* ~850 servers are publicly exposed online

---

## πŸ›‘ Affected Version

* **Twonky Server 8.5.2**
  (No patched version available)

---

## πŸ›‘οΈ Mitigation (Since No Fix Exists)

**1. Immediately stop exposing Twonky Server to the internet**

* Restrict access using firewall rules
* Use IP whitelisting or put the server behind a VPN

**2. Change all administrator credentials**
Assume previous ones are compromised.

**3. Disable or restrict the Web API**
If you don’t need remote management, turn it off.

**4. Monitor for compromise**
Watch for hits to:

```
/nmc/rpc/
/nmc/rpc/log_getfile
```

**5. Consider migrating to modern, maintained media-server software**
(Emby, Jellyfin, Plex, etc.)

---

*⚠️ For informational purposes only β€” not a guide for misuse.*