Medium severityOSV Advisory· Published Jul 2, 2025· Updated Apr 15, 2026

CVE-2025-53108

Description

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item attachments that they do not own. This issue could lead to unauthorized data manipulation or loss of critical inventory data. This issue has been patched in version 0.20.1. There are no workarounds, users must upgrade.

Affected products

Sysadminsmedia/HomeboxOSV
Range: v0.1.0, v0.11.0, v0.11.1, …

Patches

0d2a6d6ac857

https://github.com/sysadminsmedia/homeboxvia osv

e159dd8a0b5d

https://github.com/sysadminsmedia/homeboxvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000