VYPR
High severity · OSV Advisory · Published Jul 16, 2025 · Updated Apr 15, 2026

CVE-2025-53908

Description

RomM is a self-hosted ROM manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the /api/raw endpoint. Any instance running the latest version of RomM that has multiple users, even unprivileged users such as the kiosk user in the official implementation, may be affected. The vulnerability allows the leakage of passwords and users that may be stored on the system. Versions 3.10.3 and 4.0.0-beta.3 contain a patch.

Affected products

  • Rommapp/Romm (OSV), 2 versions
    3.0.0, 3.0.1, 3.0.2, … + 1 more
    • (no CPE) range: 3.0.0, 3.0.1, 3.0.2, …
    • (no CPE) range: <3.10.3, <4.0.0-beta.3
