Share
## https://sploitus.com/exploit?id=7F137FD6-AE20-535F-816D-12B26E6C8A40
# π¨ CVE-2025-13315: Authentication Bypass Alert

## π Overview
**CVE-2025-13315** is a **critical authentication-bypass vulnerability** in **Twonky Server 8.5.2** (Linux & Windows).
A hidden alternative routing path allows access to protected API endpoints **without logging in**.
---
## π¨ Severity
**CVSS Score: 9.3 β Critical**
### What an attacker can do:
* Access certain `/nmc/rpc/` web API endpoints **without authentication**
* Download log files containing:
* **Admin username**
* **Encrypted admin password**
* Combine this issue with CVE-2025-13316 to **decrypt the password** (due to hard-coded crypto keys)
* Gain **full administrative control** of the server
### How to Use (Tested & Confirmed Working)
```
# Install dependency
pip3 install requests cryptography
# Run the PoC
sudo python3 CVE-2025-13315.py http://192.168.1.50:9000
```
### Example Real Output (on a vulnerable NAS):
```
[+] SUCCESS! Plaintext credentials recovered:
Username: admin
Password: MySecretAdminPass123!
```
---
## π§© Why It Matters
* Fully remote
* No credentials or user interaction required
* Easy to exploit
* Vendor issued *no patch* and stated a fix is not planned
* ~850 servers are publicly exposed online
---
## π Affected Version
* **Twonky Server 8.5.2**
(No patched version available)
---
## π‘οΈ Mitigation (Since No Fix Exists)
**1. Immediately stop exposing Twonky Server to the internet**
* Restrict access using firewall rules
* Use IP whitelisting or put the server behind a VPN
**2. Change all administrator credentials**
Assume previous ones are compromised.
**3. Disable or restrict the Web API**
If you donβt need remote management, turn it off.
**4. Monitor for compromise**
Watch for hits to:
```
/nmc/rpc/
/nmc/rpc/log_getfile
```
**5. Consider migrating to modern, maintained media-server software**
(Emby, Jellyfin, Plex, etc.)
---
*β οΈ For informational purposes only β not a guide for misuse.*