CVE-2025-13315 Scanner
CVE-2025-13315 Scanner - Information Disclosure vulnerability in Twonky Server
Short Info
Level:
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 7 hours
Scan only one: URL
Toolbox:
Twonky Server is a media server used by both individual and enterprise-level users to stream digital media content across devices. It is typically deployed on home networks to stream to TVs, tablets, and computers, acting as a central repository for media files. It runs on both Windows and Linux and simplifies access to and organization of digital media content. Twonky Server delivers content over the DLNA/UPnP protocols, which makes it compatible with many devices. Its broad adoption is driven by its user-friendly interface and extensive device support. However, these expansive capabilities can expose vulnerabilities if the server is not robustly secured.
This vulnerability is a broken access control weakness that lets unauthenticated attackers read sensitive administrative log files. It is linked to an API authentication bypass, which allows unauthorized reading of critical data. The exposed data includes administrator credentials, which may lead to further exploitation. The flaw is critical because it requires no authentication; it exists in Twonky Server 8.5.2 and poses a high risk to systems running this version. Security misconfigurations of this kind can be exploited remotely, giving attackers indirect access to sensitive parts of the system. The severity lies in how easily intruders can bypass the usual security mechanisms.
The vulnerability hinges on one endpoint in Twonky Server: '/nmc/rpc/log_getfile'. This endpoint discloses administrative log data when accessed without authentication. Attackers abuse the server's API, specifically the log file retrieval mechanism, to bypass the usual security checks. The root cause is improper handling of access authorization: the server does not validate that the requester is authenticated. Exploitation involves a crafted GET request that reveals system logs containing vital access information. The retrieved log files may contain usernames and encrypted passwords, so their exposure is a serious concern.
If this vulnerability is exploited, unauthorized individuals gain access to sensitive log files containing administrative details, which creates a high risk of further attacks. Disclosure of administrator usernames and encrypted passwords can lead to unauthorized access to server configurations. Compromised credentials may result in further infiltration and manipulation of media server settings and stored content. The consequences include data corruption, unauthorized data dissemination, and potential service disruptions. The indirect impact could extend to other network devices through the cascading effects of misused access.
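For asset owners who want to check whether the '/nmc/rpc/log_getfile' endpoint described above has already been requested, the following added example (not part of the original page or of Twonky's own tooling) scans web access logs for such requests from non-admin hosts. It assumes a reverse proxy in front of Twonky Server writes combined-format access logs; the admin allowlist, the sample log lines, and the function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/nmc/rpc/log_getfile"  # endpoint named on this page
ADMIN_HOSTS = {"192.0.2.10"}  # assumption: hosts allowed to fetch logs

# Assumption: a proxy in front of Twonky writes combined-format access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation addresses, made-up timestamps).
SAMPLE = [
    '203.0.113.7 - - [12/Nov/2025:10:01:22 +0000] "GET /nmc/rpc/log_getfile HTTP/1.1" 200 48213 "-" "-"',
    '203.0.113.7 - - [12/Nov/2025:10:01:25 +0000] "GET //nmc/rpc/%6Cog_getfile?x=1 HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.4 - - [12/Nov/2025:10:05:00 +0000] "GET /nmc/rpc/log_getfile/ HTTP/1.1" 401 0 "-" "-"',
    '192.0.2.10 - - [12/Nov/2025:10:06:00 +0000] "GET /nmc/rpc/log_getfile HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.4 - - [12/Nov/2025:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]

def normalize(target):
    """Drop the query, percent-decode, collapse '//' and dot segments."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    # Lower-cased on purpose so the match errs toward over-reporting.
    return posixpath.normpath(path).lower()

def find_log_reads(lines, admin_hosts=ADMIN_HOSTS):
    """Return (ip, timestamp, verdict) for each non-admin request to the endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize(m["target"]) != SENSITIVE_PATH:
            continue
        if m["ip"] in admin_hosts:
            continue
        # A 200 with a body means log content left the server.
        served = m["status"] == "200" and m["size"] not in ("-", "0")
        hits.append((m["ip"], m["ts"], "log served" if served else "probe"))
    return hits

if __name__ == "__main__":
    for hit in find_log_reads(SAMPLE):
        print(*hit, sep="  ")
```

Any "log served" hit means the credentials in that log should be treated as disclosed and rotated.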