VYPR
Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Dec 3, 2025

Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections

CVE-2025-65097

Description

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No ownership verification is performed before deleting collections. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Rommapp/Rommllm-fuzzy2 versions
    <4.4.1+ 1 more
    • (no CPE)range: <4.4.1
    • (no CPE)range: < 4.4.1-beta.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.